[root@radiustest ~]# radiusd -X [0 16:24:05] Copyright (C) 1999-2015 The FreeRADIUS server project and contributors There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License For more information about these matters, see the file named COPYRIGHT Starting - reading configuration files ... including dictionary file /usr/local/share/freeradius/dictionary including dictionary file /usr/local/share/freeradius/dictionary.dhcp including dictionary file /usr/local/share/freeradius/dictionary.vqp including dictionary file /usr/local/etc/raddb/dictionary including configuration file /usr/local/etc/raddb/radiusd.conf including configuration file /usr/local/etc/raddb/proxy.conf including configuration file /usr/local/etc/raddb/clients.conf including files in directory /usr/local/etc/raddb/mods-enabled/ including configuration file /usr/local/etc/raddb/mods-enabled/always including configuration file /usr/local/etc/raddb/mods-enabled/attr_filter including configuration file /usr/local/etc/raddb/mods-enabled/cache_eap including configuration file /usr/local/etc/raddb/mods-enabled/chap including configuration file /usr/local/etc/raddb/mods-enabled/detail including configuration file /usr/local/etc/raddb/mods-enabled/detail.log including configuration file /usr/local/etc/raddb/mods-enabled/digest including configuration file /usr/local/etc/raddb/mods-enabled/dhcp including configuration file /usr/local/etc/raddb/mods-enabled/dynamic_clients including configuration file /usr/local/etc/raddb/mods-enabled/eap including configuration file /usr/local/etc/raddb/mods-enabled/echo including configuration file /usr/local/etc/raddb/mods-enabled/exec including configuration file /usr/local/etc/raddb/mods-enabled/expiration including configuration file /usr/local/etc/raddb/mods-enabled/expr including configuration file /usr/local/etc/raddb/mods-enabled/files including configuration file /usr/local/etc/raddb/mods-enabled/logintime including configuration file /usr/local/etc/raddb/mods-enabled/mschap including configuration file /usr/local/etc/raddb/mods-enabled/ntlm_auth including configuration file /usr/local/etc/raddb/mods-enabled/pap including configuration file /usr/local/etc/raddb/mods-enabled/passwd including configuration file /usr/local/etc/raddb/mods-enabled/preprocess including configuration file /usr/local/etc/raddb/mods-enabled/radutmp including configuration file /usr/local/etc/raddb/mods-enabled/realm including configuration file /usr/local/etc/raddb/mods-enabled/replicate including configuration file /usr/local/etc/raddb/mods-enabled/soh including configuration file /usr/local/etc/raddb/mods-enabled/sradutmp including configuration file /usr/local/etc/raddb/mods-enabled/unix including configuration file /usr/local/etc/raddb/mods-enabled/unpack including configuration file /usr/local/etc/raddb/mods-enabled/utf8 including configuration file /usr/local/etc/raddb/mods-enabled/sql including configuration file /usr/local/etc/raddb/mods-config/sql/main/postgresql/queries.conf including configuration file /usr/local/etc/raddb/mods-enabled/netreg including configuration file /usr/local/etc/raddb/mods-enabled/utk_ad including configuration file /usr/local/etc/raddb/mods-enabled/eduroam_eap including configuration file /usr/local/etc/raddb/mods-enabled/ut-wpa2_eap including configuration file /usr/local/etc/raddb/mods-enabled/classify_user including configuration file /usr/local/etc/raddb/mods-enabled/eduroam_inner_cache including configuration file /usr/local/etc/raddb/mods-enabled/eduroam_outer_cache including configuration file /usr/local/etc/raddb/mods-enabled/mac_auth_cache including configuration file /usr/local/etc/raddb/mods-enabled/outer_cache including configuration file /usr/local/etc/raddb/mods-enabled/ut-wpa2_inner_cache including files in directory /usr/local/etc/raddb/policy.d/ including configuration file /usr/local/etc/raddb/policy.d/accounting including configuration file /usr/local/etc/raddb/policy.d/canonicalization including configuration file /usr/local/etc/raddb/policy.d/control including configuration file /usr/local/etc/raddb/policy.d/cui including configuration file /usr/local/etc/raddb/policy.d/debug including configuration file /usr/local/etc/raddb/policy.d/dhcp including configuration file /usr/local/etc/raddb/policy.d/eap including configuration file /usr/local/etc/raddb/policy.d/filter including configuration file /usr/local/etc/raddb/policy.d/operator-name including configuration file /usr/local/etc/raddb/policy.d/ut-visitor including configuration file /usr/local/etc/raddb/policy.d/abfab-tr including configuration file /usr/local/etc/raddb/policy.d/ut-open including configuration file /usr/local/etc/raddb/policy.d/eduroam including configuration file /usr/local/etc/raddb/policy.d/ut-wpa2 including configuration file /usr/local/etc/raddb/policy.d/vendor including files in directory /usr/local/etc/raddb/sites-enabled/ including configuration file /usr/local/etc/raddb/sites-enabled/control-socket including configuration file /usr/local/etc/raddb/sites-enabled/status including configuration file /usr/local/etc/raddb/sites-enabled/eduroam including configuration file /usr/local/etc/raddb/sites-enabled/open main { security { user = "radius" group = "radius" allow_core_dumps = no } } main { name = "radiusd" prefix = "/usr/local" localstatedir = "/usr/local/var" sbindir = "/usr/local/sbin" logdir = "/usr/local/var/log/radius" run_dir = "/usr/local/var/run/radiusd" libdir = "/usr/local/lib" radacctdir = "/usr/local/var/log/radius/radacct" panic_action = "gdb %e %p" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 pidfile = "/usr/local/var/run/radiusd/radiusd.pid" checkrad = "/usr/local/sbin/checkrad" debug_level = 0 proxy_requests = yes log { stripped_names = no auth = no auth_badpass = no auth_goodpass = no colourise = yes msg_denied = "You are already logged in - access denied" } resources { } security { max_attributes = 200 reject_delay = 1.000000 status_server = yes allow_vulnerable_openssl = "yes" } } radiusd: #### Loading Realms and Home Servers #### proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } home_server tlrs1_eduroam_us { ipaddr = tlrs1.eduroam.us IPv4 address [64.57.22.74] port = 1812 type = "auth+acct" secret = <<< secret >>> response_window = 30.000000 response_timeouts = 1 max_outstanding = 65536 zombie_period = 40 status_check = "none" ping_interval = 30 check_timeout = 4 num_answers_to_alive = 3 revive_interval = 300 limit { max_connections = 16 max_requests = 0 lifetime = 0 idle_timeout = 0 } coa { irt = 2 mrt = 16 mrc = 5 mrd = 30 } } home_server tlrs2_eduroam_us { ipaddr = tlrs2.eduroam.us IPv4 address [64.57.22.78] port = 1812 type = "auth+acct" secret = <<< secret >>> response_window = 30.000000 response_timeouts = 1 max_outstanding = 65536 zombie_period = 40 status_check = "none" ping_interval = 30 check_timeout = 4 num_answers_to_alive = 3 revive_interval = 300 limit { max_connections = 16 max_requests = 0 lifetime = 0 idle_timeout = 0 } coa { irt = 2 mrt = 16 mrc = 5 mrd = 30 } } home_server localhost { ipaddr = 127.0.0.1 port = 1812 type = "auth" secret = <<< secret >>> response_window = 20.000000 response_timeouts = 1 max_outstanding = 65536 zombie_period = 40 status_check = "status-server" ping_interval = 30 check_interval = 30 check_timeout = 4 num_answers_to_alive = 3 revive_interval = 120 limit { max_connections = 16 max_requests = 0 lifetime = 0 idle_timeout = 0 } coa { irt = 2 mrt = 16 mrc = 5 mrd = 30 } } realm utk.edu { } realm vols.utk.edu { } realm tennessee.edu { } realm ~(.*\\.)?(utk|tennessee|utsi)(\\.edu)?$ { } realm LOCAL { } home_server_pool eduroam_us { type = fail-over home_server = tlrs1_eduroam_us home_server = tlrs2_eduroam_us } realm DEFAULT { pool = eduroam_us nostrip } realm NULL { } radiusd: #### Loading Clients #### client localhost { ipaddr = 127.0.0.1 require_message_authenticator = no secret = <<< secret >>> nas_type = "other" virtual_server = "default" proto = "*" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client localhost_ipv6 { ipv6addr = ::1 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client controllers { ipaddr = 10.5.0.0/24 require_message_authenticator = no secret = <<< secret >>> nas_type = "other" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client ns-workstations { ipaddr = 160.36.83.192/26 require_message_authenticator = no secret = <<< secret >>> nas_type = "other" virtual_server = "default" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client utsi { ipaddr = 150.182.12.210 require_message_authenticator = no secret = <<< secret >>> nas_type = "other" virtual_server = "default" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client tlrs1.eduroam.us { ipaddr = tlrs1.eduroam.us IPv4 address [64.57.22.74] require_message_authenticator = no secret = <<< secret >>> nas_type = "other" virtual_server = "eduroam-remote" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client tlrs2.eduroam.us { ipaddr = tlrs2.eduroam.us IPv4 address [64.57.22.78] require_message_authenticator = no secret = <<< secret >>> nas_type = "other" virtual_server = "eduroam-remote" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } Debugger not attached # Creating Autz-Type = Status-Server # Creating Auth-Type = eduroam_eap # Creating Auth-Type = LDAP radiusd: #### Instantiating modules #### instantiate { } modules { # Loaded module rlm_always # Instantiating module "reject" from file /usr/local/etc/raddb/mods-enabled/always always reject { rcode = "reject" simulcount = 0 mpp = no } # Instantiating module "fail" from file /usr/local/etc/raddb/mods-enabled/always always fail { rcode = "fail" simulcount = 0 mpp = no } # Instantiating module "ok" from file /usr/local/etc/raddb/mods-enabled/always always ok { rcode = "ok" simulcount = 0 mpp = no } # Instantiating module "handled" from file /usr/local/etc/raddb/mods-enabled/always always handled { rcode = "handled" simulcount = 0 mpp = no } # Instantiating module "invalid" from file /usr/local/etc/raddb/mods-enabled/always always invalid { rcode = "invalid" simulcount = 0 mpp = no } # Instantiating module "userlock" from file /usr/local/etc/raddb/mods-enabled/always always userlock { rcode = "userlock" simulcount = 0 mpp = no } # Instantiating module "notfound" from file /usr/local/etc/raddb/mods-enabled/always always notfound { rcode = "notfound" simulcount = 0 mpp = no } # Instantiating module "noop" from file /usr/local/etc/raddb/mods-enabled/always always noop { rcode = "noop" simulcount = 0 mpp = no } # Instantiating module "updated" from file /usr/local/etc/raddb/mods-enabled/always always updated { rcode = "updated" simulcount = 0 mpp = no } # Loaded module rlm_attr_filter # Instantiating module "attr_filter.post-proxy" from file /usr/local/etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.post-proxy { filename = "/usr/local/etc/raddb/mods-config/attr_filter/post-proxy" key = "%{Realm}" relaxed = no } reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/post-proxy # Instantiating module "attr_filter.pre-proxy" from file /usr/local/etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.pre-proxy { filename = "/usr/local/etc/raddb/mods-config/attr_filter/pre-proxy" key = "%{Realm}" relaxed = no } reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/pre-proxy # Instantiating module "attr_filter.access_reject" from file /usr/local/etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.access_reject { filename = "/usr/local/etc/raddb/mods-config/attr_filter/access_reject" key = "%{User-Name}" relaxed = no } reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/access_reject # Instantiating module "attr_filter.access_challenge" from file /usr/local/etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.access_challenge { filename = "/usr/local/etc/raddb/mods-config/attr_filter/access_challenge" key = "%{User-Name}" relaxed = no } reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/access_challenge # Instantiating module "attr_filter.accounting_response" from file /usr/local/etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.accounting_response { filename = "/usr/local/etc/raddb/mods-config/attr_filter/accounting_response" key = "%{User-Name}" relaxed = no } reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/accounting_response # Loaded module rlm_cache # Instantiating module "cache_eap" from file /usr/local/etc/raddb/mods-enabled/cache_eap cache cache_eap { driver = "rlm_cache_rbtree" key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}" ttl = 15 max_entries = 0 epoch = 0 add_stats = no } rlm_cache (cache_eap): Driver rlm_cache_rbtree (module rlm_cache_rbtree) loaded and linked # Loaded module rlm_chap # Instantiating module "chap" from file /usr/local/etc/raddb/mods-enabled/chap # Loaded module rlm_detail # Instantiating module "detail" from file /usr/local/etc/raddb/mods-enabled/detail detail { filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no } # Instantiating module "auth_log" from file /usr/local/etc/raddb/mods-enabled/detail.log detail auth_log { filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no } rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output # Instantiating module "reply_log" from file /usr/local/etc/raddb/mods-enabled/detail.log detail reply_log { filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no } # Instantiating module "pre_proxy_log" from file /usr/local/etc/raddb/mods-enabled/detail.log detail pre_proxy_log { filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no } # Instantiating module "post_proxy_log" from file /usr/local/etc/raddb/mods-enabled/detail.log detail post_proxy_log { filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no } # Loaded module rlm_digest # Instantiating module "digest" from file /usr/local/etc/raddb/mods-enabled/digest # Loaded module rlm_dhcp # Instantiating module "dhcp" from file /usr/local/etc/raddb/mods-enabled/dhcp # Loaded module rlm_dynamic_clients # Instantiating module "dynamic_clients" from file /usr/local/etc/raddb/mods-enabled/dynamic_clients # Loaded module rlm_eap # Instantiating module "eap" from file /usr/local/etc/raddb/mods-enabled/eap eap { default_eap_type = "md5" timer_expire = 60 ignore_unknown_eap_types = no mod_accounting_username_bug = no max_sessions = 1024 } # Linked to sub-module rlm_eap_md5 # Linked to sub-module rlm_eap_leap # Linked to sub-module rlm_eap_gtc gtc { challenge = "Password: " auth_type = "PAP" } # Linked to sub-module rlm_eap_tls tls { tls = "tls-common" } tls-config tls-common { rsa_key_exchange = no dh_key_exchange = yes rsa_key_length = 512 dh_key_length = 512 verify_depth = 0 ca_path = "/usr/local/etc/raddb/certs" pem_file_type = yes private_key_file = "/usr/local/etc/raddb/certs/server.pem" certificate_file = "/usr/local/etc/raddb/certs/server.pem" ca_file = "/usr/local/etc/raddb/certs/ca.pem" private_key_password = <<< secret >>> dh_file = "/usr/local/etc/raddb/certs/dh" fragment_size = 1024 include_length = yes check_crl = no cipher_list = "DEFAULT" ecdh_curve = "prime256v1" cache { enable = yes lifetime = 24 max_entries = 255 } verify { } ocsp { enable = no override_cert_url = yes url = "http://127.0.0.1/ocsp/" use_nonce = yes timeout = 0 softfail = no } } # Linked to sub-module rlm_eap_ttls ttls { tls = "tls-common" default_eap_type = "md5" copy_request_to_tunnel = no use_tunneled_reply = no virtual_server = "inner-tunnel" include_length = yes require_client_cert = no } Using cached TLS configuration from previous invocation # Linked to sub-module rlm_eap_peap peap { tls = "tls-common" default_method = "mschapv2" copy_request_to_tunnel = no use_tunneled_reply = no proxy_tunneled_request_as_eap = yes virtual_server = "inner-tunnel" soh = no require_client_cert = no } Using cached TLS configuration from previous invocation # Linked to sub-module rlm_eap_mschapv2 mschapv2 { with_ntdomain_hack = no send_error = no } # Loaded module rlm_exec # Instantiating module "echo" from file /usr/local/etc/raddb/mods-enabled/echo exec echo { wait = yes program = "/bin/echo %{User-Name}" input_pairs = "request" output_pairs = "reply" shell_escape = yes } # Instantiating module "exec" from file /usr/local/etc/raddb/mods-enabled/exec exec { wait = no input_pairs = "request" shell_escape = yes timeout = 10 } # Loaded module rlm_expiration # Instantiating module "expiration" from file /usr/local/etc/raddb/mods-enabled/expiration # Loaded module rlm_expr # Instantiating module "expr" from file /usr/local/etc/raddb/mods-enabled/expr expr { safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ" } # Loaded module rlm_files # Instantiating module "files" from file /usr/local/etc/raddb/mods-enabled/files files { filename = "/usr/local/etc/raddb/mods-config/files/authorize" usersfile = "/usr/local/etc/raddb/mods-config/files/authorize" acctusersfile = "/usr/local/etc/raddb/mods-config/files/accounting" preproxy_usersfile = "/usr/local/etc/raddb/mods-config/files/pre-proxy" compat = "cistron" } reading pairlist file /usr/local/etc/raddb/mods-config/files/authorize reading pairlist file /usr/local/etc/raddb/mods-config/files/authorize reading pairlist file /usr/local/etc/raddb/mods-config/files/accounting reading pairlist file /usr/local/etc/raddb/mods-config/files/pre-proxy # Loaded module rlm_logintime # Instantiating module "logintime" from file /usr/local/etc/raddb/mods-enabled/logintime logintime { minimum_timeout = 60 } # Loaded module rlm_mschap # Instantiating module "mschap" from file /usr/local/etc/raddb/mods-enabled/mschap mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = yes ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}" passchange { } allow_retry = yes } # Instantiating module "ntlm_auth" from file /usr/local/etc/raddb/mods-enabled/ntlm_auth exec ntlm_auth { wait = yes program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}" shell_escape = yes } # Loaded module rlm_pap # Instantiating module "pap" from file /usr/local/etc/raddb/mods-enabled/pap pap { normalise = yes } # Loaded module rlm_passwd # Instantiating module "etc_passwd" from file /usr/local/etc/raddb/mods-enabled/passwd passwd etc_passwd { filename = "/etc/passwd" format = "*User-Name:Crypt-Password:" delimiter = ":" ignore_nislike = no ignore_empty = yes allow_multiple_keys = no hash_size = 100 } rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no # Loaded module rlm_preprocess # Instantiating module "preprocess" from file /usr/local/etc/raddb/mods-enabled/preprocess preprocess { huntgroups = "/usr/local/etc/raddb/mods-config/preprocess/huntgroups" hints = "/usr/local/etc/raddb/mods-config/preprocess/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } reading pairlist file /usr/local/etc/raddb/mods-config/preprocess/huntgroups reading pairlist file /usr/local/etc/raddb/mods-config/preprocess/hints # Loaded module rlm_radutmp # Instantiating module "radutmp" from file /usr/local/etc/raddb/mods-enabled/radutmp radutmp { filename = "/usr/local/var/log/radius/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes permissions = 384 caller_id = yes } # Loaded module rlm_realm # Instantiating module "IPASS" from file /usr/local/etc/raddb/mods-enabled/realm realm IPASS { format = "prefix" delimiter = "/" ignore_default = no ignore_null = no } # Instantiating module "suffix" from file /usr/local/etc/raddb/mods-enabled/realm realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } # Instantiating module "realmpercent" from file /usr/local/etc/raddb/mods-enabled/realm realm realmpercent { format = "suffix" delimiter = "%" ignore_default = no ignore_null = no } # Instantiating module "ntdomain" from file /usr/local/etc/raddb/mods-enabled/realm realm ntdomain { format = "prefix" delimiter = "\\" ignore_default = no ignore_null = no } # Loaded module rlm_replicate # Instantiating module "replicate" from file /usr/local/etc/raddb/mods-enabled/replicate # Loaded module rlm_soh # Instantiating module "soh" from file /usr/local/etc/raddb/mods-enabled/soh soh { dhcp = yes } # Instantiating module "sradutmp" from file /usr/local/etc/raddb/mods-enabled/sradutmp radutmp sradutmp { filename = "/usr/local/var/log/radius/sradutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes permissions = 420 caller_id = no } # Loaded module rlm_unix # Instantiating module "unix" from file /usr/local/etc/raddb/mods-enabled/unix unix { radwtmp = "/usr/local/var/log/radius/radwtmp" } # Loaded module rlm_unpack # Instantiating module "unpack" from file /usr/local/etc/raddb/mods-enabled/unpack # Loaded module rlm_utf8 # Instantiating module "utf8" from file /usr/local/etc/raddb/mods-enabled/utf8 # Loaded module rlm_sql # Instantiating module "sql" from file /usr/local/etc/raddb/mods-enabled/sql sql { driver = "rlm_sql_postgresql" server = "localhost" port = "5432" login = "radiusd" password = <<< secret >>> radius_db = "radius" read_groups = yes read_profiles = yes read_clients = no delete_stale_sessions = yes sql_user_name = "%{User-Name}" logfile = "/usr/local/var/log/radius/sqllog.sql" default_user_profile = "" client_query = "SELECT id, nasname, shortname, type, secret, server FROM nas" authorize_check_query = "SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id" authorize_reply_query = "SELECT id, UserName, Attribute, Value, Op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id" authorize_group_check_query = "SELECT id, GroupName, Attribute, Value, op FROM radgroupcheck WHERE GroupName = '%{Sql-Group}' ORDER BY id" authorize_group_reply_query = "SELECT id, GroupName, Attribute, Value, op FROM radgroupreply WHERE GroupName = '%{Sql-Group}' ORDER BY id" group_membership_query = "SELECT GroupName FROM radusergroup WHERE UserName='%{SQL-User-Name}' ORDER BY priority" safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" accounting { reference = "%{tolower:type.%{%{Acct-Status-Type}:-none}.query}" logfile = "/usr/local/var/log/radius/accounting.sql" type { accounting-on { query = "UPDATE radacct SET AcctStopTime = TO_TIMESTAMP(%{integer:Event-Timestamp}), AcctUpdateTime = TO_TIMESTAMP(%{integer:Event-Timestamp}), AcctSessionTime = (%{integer:Event-Timestamp} - EXTRACT(EPOCH FROM(AcctStartTime))), AcctTerminateCause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}', WHERE AcctStopTime IS NULL AND NASIPAddress= '%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}}' AND AcctStartTime <= '%S'::timestamp" } accounting-off { query = "UPDATE radacct SET AcctStopTime = TO_TIMESTAMP(%{integer:Event-Timestamp}), AcctUpdateTime = TO_TIMESTAMP(%{integer:Event-Timestamp}), AcctSessionTime = (%{integer:Event-Timestamp} - EXTRACT(EPOCH FROM(AcctStartTime))), AcctTerminateCause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}', WHERE AcctStopTime IS NULL AND NASIPAddress= '%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}}' AND AcctStartTime <= '%S'::timestamp" } start { query = "INSERT INTO radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctUpdateTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_Stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIpAddress, ArubaEssidName, ArubaLocationId, ArubaAPGroup, ArubaUserRole, ArubaUserVlan, ArubaDeviceType) VALUES('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', NULLIF('%{Realm}', ''), '%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}}', %{%{NAS-Port}:-NULL}, '%{NAS-Port-Type}', TO_TIMESTAMP(%{integer:Event-Timestamp}), TO_TIMESTAMP(%{integer:Event-Timestamp}), NULL, 0, '%{Acct-Authentic}', '%{Connect-Info}', NULL, 0, 0, '%{Called-Station-Id}', '%{Calling-Station-Id}', NULL, '%{Service-Type}', '%{Framed-Protocol}', NULLIF('%{Framed-IP-Address}', '')::inet, '%{Aruba-Essid-Name}', '%{Aruba-Location-Id}', '%{Aruba-AP-Group}', '%{Aruba-User-Role}', '%{Aruba-User-Vlan}', '%{Aruba-Device-Type}')" } interim-update { query = "UPDATE radacct SET FramedIPAddress = NULLIF('%{Framed-IP-Address}', '')::inet, AcctSessionTime = %{%{Acct-Session-Time}:-NULL}, AcctInterval = (%{integer:Event-Timestamp} - EXTRACT(EPOCH FROM (COALESCE(AcctUpdateTime, AcctStartTime)))), AcctUpdateTime = TO_TIMESTAMP(%{integer:Event-Timestamp}), AcctInputOctets = (('%{%{Acct-Input-Gigawords}:-0}'::bigint << 32) + '%{%{Acct-Input-Octets}:-0}'::bigint), AcctOutputOctets = (('%{%{Acct-Output-Gigawords}:-0}'::bigint << 32) + '%{%{Acct-Output-Octets}:-0}'::bigint) WHERE (AcctUniqueId = '%{Acct-Unique-Session-Id}') AND AcctStopTime IS NULL" } stop { query = "UPDATE radacct SET AcctStopTime = TO_TIMESTAMP(%{integer:Event-Timestamp}), AcctUpdateTime = TO_TIMESTAMP(%{integer:Event-Timestamp}), AcctSessionTime = COALESCE(%{%{Acct-Session-Time}:-NULL}, (%{integer:Event-Timestamp} - EXTRACT(EPOCH FROM(AcctStartTime)))), AcctInputOctets = (('%{%{Acct-Input-Gigawords}:-0}'::bigint << 32) + '%{%{Acct-Input-Octets}:-0}'::bigint), AcctOutputOctets = (('%{%{Acct-Output-Gigawords}:-0}'::bigint << 32) + '%{%{Acct-Output-Octets}:-0}'::bigint), AcctTerminateCause = '%{Acct-Terminate-Cause}', FramedIPAddress = NULLIF('%{Framed-IP-Address}', '')::inet, ConnectInfo_stop = '%{Connect-Info}' WHERE (AcctUniqueId = '%{Acct-Unique-Session-Id}') AND AcctStopTime IS NULL" } } } post-auth { reference = ".query" query = "INSERT INTO radpostauth (username, outerusername, reply, calledstationid, callingstationid, arubauserrole, arubauservlan, modulefailuremessage, nasipaddress, arubalocationid, arubaapgroup, arubaessidname, arubadevicetype, authdate) VALUES('%{%{reply:User-Name}:-%{User-Name}}', '%{%{outer.request:User-Name}:-%{request:User-Name}}', '%{reply:Packet-Type}', '%{Called-Station-Id}', '%{Calling-Station-Id}', NULLIF('%{reply:Aruba-User-Role}', ''), NULLIF('%{reply:Aruba-User-Vlan}', '')::int, NULLIF('%{Module-Failure-Message[*]}', ''), NULLIF('%{NAS-IP-Address}', '')::inet, NULLIF('%{Aruba-Location-Id}', ''), NULLIF('%{Aruba-AP-Group}', ''), NULLIF('%{Aruba-Essid-Name}', ''), NULLIF('%{Aruba-Device-Type}', ''), NOW())" } } postgresql { send_application_name = no } rlm_sql (sql): Driver rlm_sql_postgresql (module rlm_sql_postgresql) loaded and linked rlm_sql (sql): Attempting to connect to database "radius" rlm_sql (sql): Initialising connection pool pool { start = 5 min = 4 max = 32 spare = 3 uses = 0 lifetime = 0 cleanup_interval = 30 idle_timeout = 1800 retry_delay = 1 spread = no } rlm_sql (sql): Opening additional connection (0), 1 of 32 pending slots used rlm_sql_postgresql: Connecting using parameters: dbname='radius' host='localhost' port=5432 user='radiusd' password='L!744Rnd;' Connected to database 'radius' on 'localhost' server version 90210, protocol version 3, backend PID 25453 rlm_sql (sql): Opening additional connection (1), 1 of 31 pending slots used rlm_sql_postgresql: Connecting using parameters: dbname='radius' host='localhost' port=5432 user='radiusd' password='L!744Rnd;' Connected to database 'radius' on 'localhost' server version 90210, protocol version 3, backend PID 25454 rlm_sql (sql): Opening additional connection (2), 1 of 30 pending slots used rlm_sql_postgresql: Connecting using parameters: dbname='radius' host='localhost' port=5432 user='radiusd' password='L!744Rnd;' Connected to database 'radius' on 'localhost' server version 90210, protocol version 3, backend PID 25455 rlm_sql (sql): Opening additional connection (3), 1 of 29 pending slots used rlm_sql_postgresql: Connecting using parameters: dbname='radius' host='localhost' port=5432 user='radiusd' password='L!744Rnd;' Connected to database 'radius' on 'localhost' server version 90210, protocol version 3, backend PID 25456 rlm_sql (sql): Opening additional connection (4), 1 of 28 pending slots used rlm_sql_postgresql: Connecting using parameters: dbname='radius' host='localhost' port=5432 user='radiusd' password='L!744Rnd;' Connected to database 'radius' on 'localhost' server version 90210, protocol version 3, backend PID 25457 # Loaded module rlm_ldap # Instantiating module "netreg" from file /usr/local/etc/raddb/mods-enabled/netreg ldap netreg { server = "ldaps://hawn.oit.utk.edu:636" port = 636 password = <<< secret >>> identity = "uid=nro,ou=units,ou=networkregistration,dc=tennessee,dc=edu" user { scope = "sub" access_positive = yes } group { filter = "(objectClass=group)" scope = "sub" name_attribute = "cn" membership_attribute = "memberOf" membership_filter = "(&(objectClass=group)(member=%{%{check:Ldap-UserDn[1]}:-%{check:Ldap-UserDn}}))" cacheable_name = no cacheable_dn = no } client { filter = "(objectClass=radiusClient)" scope = "sub" base_dn = "dc=tennessee,dc=edu" } profile { } options { ldap_debug = 0 chase_referrals = yes rebind = yes net_timeout = 1 res_timeout = 20 srv_timelimit = 20 idle = 60 probes = 3 interval = 3 } tls { start_tls = no require_cert = "never" } } rlm_ldap: libldap vendor: OpenLDAP, version: 20439 rlm_ldap (netreg): Couldn't find configuration for accounting, will return NOOP for calls from this section rlm_ldap (netreg): Couldn't find configuration for post-auth, will return NOOP for calls from this section rlm_ldap (netreg): Initialising connection pool pool { start = 5 min = 4 max = 32 spare = 3 uses = 0 lifetime = 0 cleanup_interval = 30 idle_timeout = 60 retry_delay = 1 spread = no } rlm_ldap (netreg): Opening additional connection (0), 1 of 32 pending slots used rlm_ldap (netreg): Connecting to ldaps://hawn.oit.utk.edu:636 rlm_ldap (netreg): Waiting for bind result... rlm_ldap (netreg): Bind successful rlm_ldap (netreg): Opening additional connection (1), 1 of 31 pending slots used rlm_ldap (netreg): Connecting to ldaps://hawn.oit.utk.edu:636 rlm_ldap (netreg): Waiting for bind result... rlm_ldap (netreg): Bind successful rlm_ldap (netreg): Opening additional connection (2), 1 of 30 pending slots used rlm_ldap (netreg): Connecting to ldaps://hawn.oit.utk.edu:636 rlm_ldap (netreg): Waiting for bind result... rlm_ldap (netreg): Bind successful rlm_ldap (netreg): Opening additional connection (3), 1 of 29 pending slots used rlm_ldap (netreg): Connecting to ldaps://hawn.oit.utk.edu:636 rlm_ldap (netreg): Waiting for bind result... rlm_ldap (netreg): Bind successful rlm_ldap (netreg): Opening additional connection (4), 1 of 28 pending slots used rlm_ldap (netreg): Connecting to ldaps://hawn.oit.utk.edu:636 rlm_ldap (netreg): Waiting for bind result... rlm_ldap (netreg): Bind successful # Instantiating module "utk_ad" from file /usr/local/etc/raddb/mods-enabled/utk_ad ldap utk_ad { server = "ldaps://tmail.utk.edu:3269" port = 3269 password = <<< secret >>> identity = "_nsservice@utk.tennessee.edu" user { scope = "sub" access_positive = yes } group { filter = "(objectClass=group)" scope = "sub" name_attribute = "cn" membership_attribute = "memberOf" membership_filter = "(&(objectClass=group)(member=%{%{check:Ldap-UserDn[1]}:-%{check:Ldap-UserDn}}))" cacheable_name = no cacheable_dn = no } client { filter = "(objectClass=radiusClient)" scope = "sub" base_dn = "dc=tennessee,dc=edu" } profile { } options { ldap_debug = 0 chase_referrals = yes rebind = yes net_timeout = 1 res_timeout = 20 srv_timelimit = 20 idle = 60 probes = 3 interval = 3 } tls { start_tls = no require_cert = "never" } } rlm_ldap (utk_ad): Couldn't find configuration for accounting, will return NOOP for calls from this section rlm_ldap (utk_ad): Couldn't find configuration for post-auth, will return NOOP for calls from this section rlm_ldap (utk_ad): Initialising connection pool pool { start = 5 min = 4 max = 32 spare = 3 uses = 0 lifetime = 0 cleanup_interval = 30 idle_timeout = 300 retry_delay = 1 spread = no } rlm_ldap (utk_ad): Opening additional connection (0), 1 of 32 pending slots used rlm_ldap (utk_ad): Connecting to ldaps://tmail.utk.edu:3269 rlm_ldap (utk_ad): Waiting for bind result... rlm_ldap (utk_ad): Bind successful rlm_ldap (utk_ad): Opening additional connection (1), 1 of 31 pending slots used rlm_ldap (utk_ad): Connecting to ldaps://tmail.utk.edu:3269 rlm_ldap (utk_ad): Waiting for bind result... rlm_ldap (utk_ad): Bind successful rlm_ldap (utk_ad): Opening additional connection (2), 1 of 30 pending slots used rlm_ldap (utk_ad): Connecting to ldaps://tmail.utk.edu:3269 rlm_ldap (utk_ad): Waiting for bind result... rlm_ldap (utk_ad): Bind successful rlm_ldap (utk_ad): Opening additional connection (3), 1 of 29 pending slots used rlm_ldap (utk_ad): Connecting to ldaps://tmail.utk.edu:3269 rlm_ldap (utk_ad): Waiting for bind result... rlm_ldap (utk_ad): Bind successful rlm_ldap (utk_ad): Opening additional connection (4), 1 of 28 pending slots used rlm_ldap (utk_ad): Connecting to ldaps://tmail.utk.edu:3269 rlm_ldap (utk_ad): Waiting for bind result... rlm_ldap (utk_ad): Bind successful # Instantiating module "eduroam_eap" from file /usr/local/etc/raddb/mods-enabled/eduroam_eap eap eduroam_eap { default_eap_type = "peap" timer_expire = 60 ignore_unknown_eap_types = no mod_accounting_username_bug = no max_sessions = 1024 } # Linked to sub-module rlm_eap_gtc gtc { challenge = "Password: " auth_type = "PAP" } # Linked to sub-module rlm_eap_tls tls { tls = "tls-common" } tls-config tls-common { rsa_key_exchange = no dh_key_exchange = yes rsa_key_length = 512 dh_key_length = 512 verify_depth = 0 ca_path = "/usr/local/etc/raddb/certs" pem_file_type = yes private_key_file = "/usr/local/etc/raddb/certs/radius.ns.utk.edu.key" certificate_file = "/usr/local/etc/raddb/certs/radius.ns.utk.edu.chain.crt" ca_file = "/usr/local/etc/raddb/certs/ca.pem" private_key_password = <<< secret >>> dh_file = "/usr/local/etc/raddb/certs/dh" fragment_size = 1024 include_length = yes check_crl = no cipher_list = "DEFAULT" ecdh_curve = "prime256v1" cache { enable = yes lifetime = 24 max_entries = 255 } verify { } ocsp { enable = no override_cert_url = yes url = "http://127.0.0.1/ocsp/" use_nonce = yes timeout = 0 softfail = no } } # Linked to sub-module rlm_eap_ttls ttls { tls = "tls-common" default_eap_type = "mschapv2" copy_request_to_tunnel = yes use_tunneled_reply = yes include_length = yes require_client_cert = no } Using cached TLS configuration from previous invocation # Linked to sub-module rlm_eap_peap peap { tls = "tls-common" default_method = "mschapv2" copy_request_to_tunnel = yes use_tunneled_reply = yes proxy_tunneled_request_as_eap = yes soh = no require_client_cert = no } Using cached TLS configuration from previous invocation # Linked to sub-module rlm_eap_mschapv2 mschapv2 { with_ntdomain_hack = no send_error = no } # Instantiating module "ut-wpa2_eap" from file /usr/local/etc/raddb/mods-enabled/ut-wpa2_eap eap ut-wpa2_eap { default_eap_type = "peap" timer_expire = 60 ignore_unknown_eap_types = no mod_accounting_username_bug = no max_sessions = 1024 } # Linked to sub-module rlm_eap_gtc gtc { challenge = "Password: " auth_type = "PAP" } # Linked to sub-module rlm_eap_tls tls { tls = "tls-common" } tls-config tls-common { rsa_key_exchange = no dh_key_exchange = yes rsa_key_length = 512 dh_key_length = 512 verify_depth = 0 ca_path = "/usr/local/etc/raddb/certs" pem_file_type = yes private_key_file = "/usr/local/etc/raddb/certs/radius.ns.utk.edu.key" certificate_file = "/usr/local/etc/raddb/certs/radius.ns.utk.edu.chain.crt" ca_file = "/usr/local/etc/raddb/certs/ca.pem" private_key_password = <<< secret >>> dh_file = "/usr/local/etc/raddb/certs/dh" fragment_size = 1024 include_length = yes check_crl = no cipher_list = "DEFAULT" ecdh_curve = "prime256v1" cache { enable = yes lifetime = 24 max_entries = 255 } verify { } ocsp { enable = no override_cert_url = yes url = "http://127.0.0.1/ocsp/" use_nonce = yes timeout = 0 softfail = no } } # Linked to sub-module rlm_eap_ttls ttls { tls = "tls-common" default_eap_type = "mschapv2" copy_request_to_tunnel = yes use_tunneled_reply = yes virtual_server = "ut-wpa2-inner-tunnel" include_length = yes require_client_cert = no } Using cached TLS configuration from previous invocation # Linked to sub-module rlm_eap_peap peap { tls = "tls-common" default_method = "mschapv2" copy_request_to_tunnel = yes use_tunneled_reply = yes proxy_tunneled_request_as_eap = yes virtual_server = "ut-wpa2-inner-tunnel" soh = no require_client_cert = no } Using cached TLS configuration from previous invocation # Linked to sub-module rlm_eap_mschapv2 mschapv2 { with_ntdomain_hack = no send_error = no } # Loaded module rlm_perl # Instantiating module "classify_user" from file /usr/local/etc/raddb/mods-enabled/classify_user perl classify_user { filename = "/usr/local/etc/raddb/mods-config/perl/classify_user.pl" func_authorize = "authorize" func_authenticate = "authenticate" func_post_auth = "post_auth" func_accounting = "accounting" func_preacct = "preacct" func_checksimul = "checksimul" func_detach = "detach" func_xlat = "xlat" func_pre_proxy = "pre_proxy" func_post_proxy = "post_proxy" func_recv_coa = "recv_coa" func_send_coa = "send_coa" } # Instantiating module "eduroam_inner_cache" from file /usr/local/etc/raddb/mods-enabled/eduroam_inner_cache cache eduroam_inner_cache { driver = "rlm_cache_memcached" key = "%{User-Name}" ttl = 14400 max_entries = 0 epoch = 0 add_stats = no } rlm_cache (eduroam_inner_cache): Driver rlm_cache_memcached (module rlm_cache_memcached) loaded and linked rlm_cache_memcached: libmemcached version: 1.0.16 memcached { options = "--SERVER=localhost" } rlm_cache (eduroam_inner_cache): Initialising connection pool pool { start = 5 min = 4 max = 32 spare = 3 uses = 0 lifetime = 0 cleanup_interval = 30 idle_timeout = 60 retry_delay = 1 spread = no } rlm_cache (eduroam_inner_cache): Opening additional connection (0), 1 of 32 pending slots used rlm_cache (eduroam_inner_cache): Opening additional connection (1), 1 of 31 pending slots used rlm_cache (eduroam_inner_cache): Opening additional connection (2), 1 of 30 pending slots used rlm_cache (eduroam_inner_cache): Opening additional connection (3), 1 of 29 pending slots used rlm_cache (eduroam_inner_cache): Opening additional connection (4), 1 of 28 pending slots used # Instantiating module "eduroam_outer_cache" from file /usr/local/etc/raddb/mods-enabled/eduroam_outer_cache cache eduroam_outer_cache { driver = "rlm_cache_rbtree" key = "%{User-Name}" ttl = 14400 max_entries = 0 epoch = 0 add_stats = no } rlm_cache (eduroam_outer_cache): Driver rlm_cache_rbtree (module rlm_cache_rbtree) loaded and linked # Instantiating module "mac_auth_cache" from file /usr/local/etc/raddb/mods-enabled/mac_auth_cache cache mac_auth_cache { driver = "rlm_cache_rbtree" key = "%{User-Name}" ttl = 14400 max_entries = 0 epoch = 0 add_stats = no } rlm_cache (mac_auth_cache): Driver rlm_cache_rbtree (module rlm_cache_rbtree) loaded and linked # Instantiating module "outer_cache" from file /usr/local/etc/raddb/mods-enabled/outer_cache cache outer_cache { driver = "rlm_cache_rbtree" key = "%{User-Name}" ttl = 14400 max_entries = 0 epoch = 0 add_stats = no } rlm_cache (outer_cache): Driver rlm_cache_rbtree (module rlm_cache_rbtree) loaded and linked # Instantiating module "ut-wpa2_inner_cache" from file /usr/local/etc/raddb/mods-enabled/ut-wpa2_inner_cache cache ut-wpa2_inner_cache { driver = "rlm_cache_rbtree" key = "%{User-Name}" ttl = 14400 max_entries = 0 epoch = 0 add_stats = no } rlm_cache (ut-wpa2_inner_cache): Driver rlm_cache_rbtree (module rlm_cache_rbtree) loaded and linked } # modules radiusd: #### Loading Virtual Servers #### server { # from file /usr/local/etc/raddb/radiusd.conf } # server server status { # from file /usr/local/etc/raddb/sites-enabled/status # Loading authorize {...} } # server status server eduroam { # from file /usr/local/etc/raddb/sites-enabled/eduroam # Loading authenticate {...} # Loading authorize {...} # Loading preacct {...} # Loading accounting {...} # Loading post-proxy {...} # Loading post-auth {...} } # server eduroam server open { # from file /usr/local/etc/raddb/sites-enabled/open # Loading authorize {...} # Loading preacct {...} # Loading accounting {...} # Loading post-auth {...} } # server open radiusd: #### Opening IP addresses and Ports #### listen { type = "control" listen { socket = "/usr/local/var/run/radiusd/radiusd.sock" uid = "radius" gid = "radius" mode = "rw" peercred = yes } } listen { type = "status" ipaddr = 127.0.0.1 port = 18121 client admin { ipaddr = 127.0.0.1 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } } listen { type = "auth" ipaddr = * port = 1812 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { type = "acct" ipaddr = * port = 1813 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { type = "auth" ipaddr = * port = 1814 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { type = "acct" ipaddr = * port = 1815 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } Listening on command file /usr/local/var/run/radiusd/radiusd.sock Listening on status address 127.0.0.1 port 18121 bound to server status Listening on auth address * port 1812 bound to server eduroam Listening on acct address * port 1813 bound to server eduroam Listening on auth address * port 1814 bound to server open Listening on acct address * port 1815 bound to server open Opening new proxy socket 'proxy address * port 0' Listening on proxy address * port 49508 Ready to process requests (0) Received Access-Request Id 219 from 10.5.0.11:36258 to 160.36.188.35:1812 length 220 (0) User-Name = 'asdf@utk.edu' (0) NAS-IP-Address = 10.5.1.52 (0) NAS-Port = 0 (0) NAS-Identifier = 'eduroam' (0) NAS-Port-Type = Wireless-802.11 (0) Calling-Station-Id = '606720b6d928' (0) Called-Station-Id = '001a1e00cc48' (0) Service-Type = Login-User (0) Framed-MTU = 1100 (0) EAP-Message = 0x0201001101617364664075746b2e656475 (0) Aruba-Essid-Name = 'frtest-eduroam' (0) Aruba-Location-Id = 'WMN-01-04' (0) Aruba-AP-Group = 'MN - Kingston Pike Building' (0) Message-Authenticator = 0xa973618a9b2534635a0df317425ededc (0) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/eduroam (0) authorize { (0) if ( NAS-Identifier != 'eduroam' ) { (0) if ( NAS-Identifier != 'eduroam' ) -> FALSE (0) update control { (0) &Cache-Status-Only = yes (0) } # update control = noop (0) eduroam_inner_cache: EXPAND %{User-Name} (0) eduroam_inner_cache: --> asdf@utk.edu rlm_cache (eduroam_inner_cache): Reserved connection (4) (0) eduroam_inner_cache: No cache entry found for "asdf@utk.edu" rlm_cache (eduroam_inner_cache): Released connection (4) (0) [eduroam_inner_cache] = notfound (0) if (notfound) { (0) if (notfound) -> TRUE (0) if (notfound) { (0) policy filter_username { (0) if (!&User-Name) { (0) if (!&User-Name) -> FALSE (0) if (&User-Name =~ / /) { (0) if (&User-Name =~ / /) -> FALSE (0) if (&User-Name =~ /@.*@/ ) { (0) if (&User-Name =~ /@.*@/ ) -> FALSE (0) if (&User-Name =~ /\.\./ ) { (0) if (&User-Name =~ /\.\./ ) -> FALSE (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (0) if (&User-Name =~ /\.$/) { (0) if (&User-Name =~ /\.$/) -> FALSE (0) if (&User-Name =~ /@\./) { (0) if (&User-Name =~ /@\./) -> FALSE (0) } # policy filter_username = noop (0) [preprocess] = ok (0) suffix: Checking for suffix after "@" (0) suffix: Looking up realm "utk.edu" for User-Name = "asdf@utk.edu" (0) suffix: Found realm "utk.edu" (0) suffix: Adding Stripped-User-Name = "asdf" (0) suffix: Adding Realm = "utk.edu" (0) suffix: Authentication realm is LOCAL (0) [suffix] = ok rlm_ldap (utk_ad): Reserved connection (4) (0) utk_ad: EXPAND (cn=%{%{Stripped-User-Name}:-%{User-Name}}) (0) utk_ad: --> (cn=asdf) (0) utk_ad: Performing search in "dc=tennessee,dc=edu" with filter "(cn=asdf)", scope "sub" (0) utk_ad: Waiting for search result... (0) utk_ad: Search returned no results rlm_ldap (utk_ad): Released connection (4) (0) [utk_ad] = notfound (0) classify_user: $RAD_REQUEST{'User-Name'} = &request:User-Name -> 'asdf@utk.edu' (0) classify_user: $RAD_REQUEST{'NAS-IP-Address'} = &request:NAS-IP-Address -> '10.5.1.52' (0) classify_user: $RAD_REQUEST{'NAS-Port'} = &request:NAS-Port -> '0' (0) classify_user: $RAD_REQUEST{'Service-Type'} = &request:Service-Type -> 'Login-User' (0) classify_user: $RAD_REQUEST{'Framed-MTU'} = &request:Framed-MTU -> '1100' (0) classify_user: $RAD_REQUEST{'Called-Station-Id'} = &request:Called-Station-Id -> '001a1e00cc48' (0) classify_user: $RAD_REQUEST{'Calling-Station-Id'} = &request:Calling-Station-Id -> '606720b6d928' (0) classify_user: $RAD_REQUEST{'NAS-Identifier'} = &request:NAS-Identifier -> 'eduroam' (0) classify_user: $RAD_REQUEST{'NAS-Port-Type'} = &request:NAS-Port-Type -> 'Wireless-802.11' (0) classify_user: $RAD_REQUEST{'Event-Timestamp'} = &request:Event-Timestamp -> 'Apr 13 2015 16:24:23 EDT' (0) classify_user: $RAD_REQUEST{'EAP-Message'} = &request:EAP-Message -> '0x0201001101617364664075746b2e656475' (0) classify_user: $RAD_REQUEST{'Message-Authenticator'} = &request:Message-Authenticator -> '0xa973618a9b2534635a0df317425ededc' (0) classify_user: $RAD_REQUEST{'Aruba-Essid-Name'} = &request:Aruba-Essid-Name -> 'frtest-eduroam' (0) classify_user: $RAD_REQUEST{'Aruba-Location-Id'} = &request:Aruba-Location-Id -> 'WMN-01-04' (0) classify_user: $RAD_REQUEST{'Aruba-AP-Group'} = &request:Aruba-AP-Group -> 'MN - Kingston Pike Building' (0) classify_user: $RAD_REQUEST{'Stripped-User-Name'} = &request:Stripped-User-Name -> 'asdf' (0) classify_user: $RAD_REQUEST{'Realm'} = &request:Realm -> 'utk.edu' (0) classify_user: &request:NAS-Port-Type = $RAD_REQUEST{'NAS-Port-Type'} -> 'Wireless-802.11' (0) classify_user: &request:Service-Type = $RAD_REQUEST{'Service-Type'} -> 'Login-User' (0) classify_user: &request:Called-Station-Id = $RAD_REQUEST{'Called-Station-Id'} -> '001a1e00cc48' (0) classify_user: &request:Message-Authenticator = $RAD_REQUEST{'Message-Authenticator'} -> '0xa973618a9b2534635a0df317425ededc' (0) classify_user: &request:Realm = $RAD_REQUEST{'Realm'} -> 'utk.edu' (0) classify_user: &request:NAS-IP-Address = $RAD_REQUEST{'NAS-IP-Address'} -> '10.5.1.52' (0) classify_user: &request:Calling-Station-Id = $RAD_REQUEST{'Calling-Station-Id'} -> '606720b6d928' (0) classify_user: &request:Aruba-Essid-Name = $RAD_REQUEST{'Aruba-Essid-Name'} -> 'frtest-eduroam' (0) classify_user: &request:Aruba-AP-Group = $RAD_REQUEST{'Aruba-AP-Group'} -> 'MN - Kingston Pike Building' (0) classify_user: &request:User-Name = $RAD_REQUEST{'User-Name'} -> 'asdf@utk.edu' (0) classify_user: &request:Aruba-Location-Id = $RAD_REQUEST{'Aruba-Location-Id'} -> 'WMN-01-04' (0) classify_user: &request:NAS-Identifier = $RAD_REQUEST{'NAS-Identifier'} -> 'eduroam' (0) classify_user: &request:Event-Timestamp = $RAD_REQUEST{'Event-Timestamp'} -> 'Apr 13 2015 16:24:23 EDT' (0) classify_user: &request:EAP-Message = $RAD_REQUEST{'EAP-Message'} -> '0x0201001101617364664075746b2e656475' (0) classify_user: &request:NAS-Port = $RAD_REQUEST{'NAS-Port'} -> '0' (0) classify_user: &request:Stripped-User-Name = $RAD_REQUEST{'Stripped-User-Name'} -> 'asdf' (0) classify_user: &request:Framed-MTU = $RAD_REQUEST{'Framed-MTU'} -> '1100' (0) classify_user: &control:Aruba-User-Role = $RAD_CHECK{'Aruba-User-Role'} -> 'eduroam-student' (0) [classify_user] = ok (0) if ( Realm == 'NULL' ) { (0) if ( Realm == 'NULL' ) -> FALSE (0) } # if (notfound) = ok (0) ... skipping else for request 0: Preceding "if" was taken (0) eduroam_inner_cache: EXPAND %{User-Name} (0) eduroam_inner_cache: --> asdf@utk.edu rlm_cache (eduroam_inner_cache): Reserved connection (4) (0) eduroam_inner_cache: No cache entry found for "asdf@utk.edu" (0) eduroam_inner_cache: Creating new cache entry (0) eduroam_inner_cache: request:Stripped-User-Name = &Stripped-User-Name -> 'asdf' (0) eduroam_inner_cache: request:Realm = &Realm -> 'utk.edu' (0) eduroam_inner_cache: control:Aruba-User-Role := &Aruba-User-Role -> 'eduroam-student' (0) eduroam_inner_cache: EXPAND Cache last updated at %t (0) eduroam_inner_cache: --> Cache last updated at Mon Apr 13 16:24:23 2015 (0) eduroam_inner_cache: reply:Reply-Message += "Cache last updated at Mon Apr 13 16:24:23 2015" (0) eduroam_inner_cache: Merging cache entry into request (0) eduroam_inner_cache: &control:Aruba-User-Role := 'eduroam-student' (0) eduroam_inner_cache: &request:Stripped-User-Name = 'asdf' (0) eduroam_inner_cache: &request:Realm = 'utk.edu' (0) eduroam_inner_cache: &reply:Reply-Message += 'Cache last updated at Mon Apr 13 16:24:23 2015' (0) eduroam_inner_cache: Commited entry, TTL 14400 seconds rlm_cache (eduroam_inner_cache): Released connection (4) (0) [eduroam_inner_cache] = updated (0) policy debug_all { (0) policy debug_control { (0) if ("%{debug_attr:control:}" == '') { (0) Attributes matching "control:" (0) &control:Aruba-User-Role = eduroam-student (0) EXPAND %{debug_attr:control:} (0) --> (0) if ("%{debug_attr:control:}" == '') -> TRUE (0) if ("%{debug_attr:control:}" == '') { (0) [noop] = noop (0) } # if ("%{debug_attr:control:}" == '') = noop (0) } # policy debug_control = noop (0) policy debug_request { (0) if ("%{debug_attr:request:}" == '') { (0) Attributes matching "request:" (0) &request:NAS-Port-Type = Wireless-802.11 (0) &request:Service-Type = Login-User (0) &request:Called-Station-Id = 001a1e00cc48 (0) &request:Message-Authenticator = 0xa973618a9b2534635a0df317425ededc (0) &request:Realm = utk.edu (0) &request:NAS-IP-Address = 10.5.1.52 (0) &request:Calling-Station-Id = 606720b6d928 (0) &request:Aruba-Essid-Name = frtest-eduroam (0) &request:Aruba-AP-Group = MN - Kingston Pike Building (0) &request:User-Name = asdf@utk.edu (0) &request:Aruba-Location-Id = WMN-01-04 (0) &request:NAS-Identifier = eduroam (0) &request:Event-Timestamp = Apr 13 2015 16:24:23 EDT (0) &request:EAP-Message = 0x0201001101617364664075746b2e656475 (0) &request:NAS-Port = 0 (0) &request:Stripped-User-Name = asdf (0) &request:Framed-MTU = 1100 (0) EXPAND %{debug_attr:request:} (0) --> (0) if ("%{debug_attr:request:}" == '') -> TRUE (0) if ("%{debug_attr:request:}" == '') { (0) [noop] = noop (0) } # if ("%{debug_attr:request:}" == '') = noop (0) } # policy debug_request = noop (0) policy debug_reply { (0) if ("%{debug_attr:reply:}" == '') { (0) Attributes matching "reply:" (0) &reply:Reply-Message = Cache last updated at Mon Apr 13 16:24:23 2015 (0) EXPAND %{debug_attr:reply:} (0) --> (0) if ("%{debug_attr:reply:}" == '') -> TRUE (0) if ("%{debug_attr:reply:}" == '') { (0) [noop] = noop (0) } # if ("%{debug_attr:reply:}" == '') = noop (0) } # policy debug_reply = noop (0) } # policy debug_all = noop (0) eduroam_eap: Peer sent code Response (2) ID 1 length 17 (0) eduroam_eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (0) [eduroam_eap] = ok (0) [mschap] = noop (0) [chap] = noop (0) pap: WARNING: No "known good" password found for the user. Not setting Auth-Type (0) pap: WARNING: Authentication will fail unless a "known good" password is available (0) [pap] = noop (0) } # authorize = updated (0) Found Auth-Type = eduroam_eap (0) # Executing group from file /usr/local/etc/raddb/sites-enabled/eduroam (0) Auth-Type eduroam_eap { (0) eduroam_eap: Peer sent method Identity (1) (0) eduroam_eap: Calling eap_peap to process EAP data (0) eap_peap: Flushing SSL sessions (of #0) (0) eap_peap: Initiate (0) eap_peap: Start returned 1 (0) eduroam_eap: EAP session adding &reply:State = 0x78fd83c078ff9aaa (0) [eduroam_eap] = handled (0) } # Auth-Type eduroam_eap = handled (0) Using Post-Auth-Type Challenge (0) # Executing group from file /usr/local/etc/raddb/sites-enabled/eduroam (0) Sent Access-Challenge Id 219 from 160.36.188.35:1812 to 10.5.0.11:36258 length 112 (0) Reply-Message = 'Cache last updated at Mon Apr 13 16:24:23 2015' (0) EAP-Message = 0x010200061920 (0) Message-Authenticator = 0x00000000000000000000000000000000 (0) State = 0x78fd83c078ff9aaab77aabb1eee2fef2 (0) Finished request Waking up in 0.3 seconds. (1) Received Access-Request Id 217 from 10.5.0.11:36258 to 160.36.188.35:1812 length 466 (1) User-Name = 'asdf@utk.edu' (1) NAS-IP-Address = 10.5.1.52 (1) NAS-Port = 0 (1) NAS-Identifier = 'eduroam' (1) NAS-Port-Type = Wireless-802.11 (1) Calling-Station-Id = '606720b6d928' (1) Called-Station-Id = '001a1e00cc48' (1) Service-Type = Login-User (1) Framed-MTU = 1100 (1) EAP-Message = 0x020200f51980000000eb16030100e6010000e20301d057c16bd62663ec52b58c20aefa5fb27779ffc3fa81340dcabd0ff41be17ebb00006ec014c00a00390038003700360088008700860085c00fc00500350084c013c0090033003200310030009a0099009800970045004400430042c00ec004002f00 (1) State = 0x78fd83c078ff9aaab77aabb1eee2fef2 (1) Aruba-Essid-Name = 'frtest-eduroam' (1) Aruba-Location-Id = 'WMN-01-04' (1) Aruba-AP-Group = 'MN - Kingston Pike Building' (1) Message-Authenticator = 0x8fafa3b92c451a1522fd6ef6283d647d (1) session-state: No cached attributes (1) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/eduroam (1) authorize { (1) if ( NAS-Identifier != 'eduroam' ) { (1) if ( NAS-Identifier != 'eduroam' ) -> FALSE (1) update control { (1) &Cache-Status-Only = yes (1) } # update control = noop (1) eduroam_inner_cache: EXPAND %{User-Name} (1) eduroam_inner_cache: --> asdf@utk.edu rlm_cache (eduroam_inner_cache): Reserved connection (4) (1) eduroam_inner_cache: Retrieved 223 bytes from memcached (1) eduroam_inner_cache: &Cache-Expires = 1428971063 &Cache-Created = 1428956663 &control:Aruba-User-Role := 'eduroam-student' &Stripped-User-Name = 'asdf' &Realm = 'utk.edu' &reply:Reply-Message += 'Cache last updated at Mon Apr 13 16:24:23 2015' (1) eduroam_inner_cache: Found entry for "asdf@utk.edu" rlm_cache (eduroam_inner_cache): Released connection (4) (1) [eduroam_inner_cache] = ok (1) if (notfound) { (1) if (notfound) -> FALSE (1) else { (1) update control { (1) &Cache-Read-Only = yes (1) &Cache-Merge = yes (1) } # update control = noop (1) } # else = noop (1) eduroam_inner_cache: EXPAND %{User-Name} (1) eduroam_inner_cache: --> asdf@utk.edu rlm_cache (eduroam_inner_cache): Reserved connection (4) (1) eduroam_inner_cache: Retrieved 223 bytes from memcached (1) eduroam_inner_cache: &Cache-Expires = 1428971063 &Cache-Created = 1428956663 &control:Aruba-User-Role := 'eduroam-student' &Stripped-User-Name = 'asdf' &Realm = 'utk.edu' &reply:Reply-Message += 'Cache last updated at Mon Apr 13 16:24:23 2015' (1) eduroam_inner_cache: Found entry for "asdf@utk.edu" (1) eduroam_inner_cache: Merging cache entry into request (1) eduroam_inner_cache: &control:Aruba-User-Role = '' (1) eduroam_inner_cache: &request:Stripped-User-Name = '' (1) eduroam_inner_cache: &request:Realm = '' (1) eduroam_inner_cache: &reply:Reply-Message = '' rlm_cache (eduroam_inner_cache): Released connection (4) (1) [eduroam_inner_cache] = ok (1) policy debug_all { (1) policy debug_control { (1) if ("%{debug_attr:control:}" == '') { (1) Attributes matching "control:" (1) &control:Cache-Merge = yes (1) &control:Aruba-User-Role = (1) EXPAND %{debug_attr:control:} (1) --> (1) if ("%{debug_attr:control:}" == '') -> TRUE (1) if ("%{debug_attr:control:}" == '') { (1) [noop] = noop (1) } # if ("%{debug_attr:control:}" == '') = noop (1) } # policy debug_control = noop (1) policy debug_request { (1) if ("%{debug_attr:request:}" == '') { (1) Attributes matching "request:" (1) &request:User-Name = asdf@utk.edu (1) &request:NAS-IP-Address = 10.5.1.52 (1) &request:NAS-Port = 0 (1) &request:NAS-Identifier = eduroam (1) &request:NAS-Port-Type = Wireless-802.11 (1) &request:Calling-Station-Id = 606720b6d928 (1) &request:Called-Station-Id = 001a1e00cc48 (1) &request:Service-Type = Login-User (1) &request:Framed-MTU = 1100 (1) &request:EAP-Message = 0x020200f51980000000eb16030100e6010000e20301d057c16bd62663ec52b58c20aefa5fb27779ffc3fa81340dcabd0ff41be17ebb00006ec014c00a00390038003700360088008700860085c00fc00500350084c013c0090033003200310030009a0099009800970045004400430042c00ec004002f009600410007c011c007c00cc00200050004c012c008001600130010000dc00dc003000a00150012000f000c000900ff0100004b000b000403000102000a003a0038000e000d0019001c000b000c001b00180009000a001a00160017000800060007001400150004000500120013000100020003000f00100011000f000101 (1) &request:State = 0x78fd83c078ff9aaab77aabb1eee2fef2 (1) &request:Aruba-Essid-Name = frtest-eduroam (1) &request:Aruba-Location-Id = WMN-01-04 (1) &request:Aruba-AP-Group = MN - Kingston Pike Building (1) &request:Message-Authenticator = 0x8fafa3b92c451a1522fd6ef6283d647d (1) &request:Stripped-User-Name = (1) &request:Realm = (1) EXPAND %{debug_attr:request:} (1) --> (1) if ("%{debug_attr:request:}" == '') -> TRUE (1) if ("%{debug_attr:request:}" == '') { (1) [noop] = noop (1) } # if ("%{debug_attr:request:}" == '') = noop (1) } # policy debug_request = noop (1) policy debug_reply { (1) if ("%{debug_attr:reply:}" == '') { (1) Attributes matching "reply:" (1) &reply:Reply-Message = (1) EXPAND %{debug_attr:reply:} (1) --> (1) if ("%{debug_attr:reply:}" == '') -> TRUE (1) if ("%{debug_attr:reply:}" == '') { (1) [noop] = noop (1) } # if ("%{debug_attr:reply:}" == '') = noop (1) } # policy debug_reply = noop (1) } # policy debug_all = noop (1) eduroam_eap: Peer sent code Response (2) ID 2 length 245 (1) eduroam_eap: Continuing tunnel setup (1) [eduroam_eap] = ok (1) [mschap] = noop (1) [chap] = noop (1) [pap] = noop (1) } # authorize = ok (1) Found Auth-Type = eduroam_eap (1) # Executing group from file /usr/local/etc/raddb/sites-enabled/eduroam (1) Auth-Type eduroam_eap { (1) eduroam_eap: Expiring EAP session with state 0x78fd83c078ff9aaa (1) eduroam_eap: Finished EAP session with state 0x78fd83c078ff9aaa (1) eduroam_eap: Previous EAP request found for state 0x78fd83c078ff9aaa, released from the list (1) eduroam_eap: Peer sent method PEAP (25) (1) eduroam_eap: EAP PEAP (25) (1) eduroam_eap: Calling eap_peap to process EAP data (1) eap_peap: processing EAP-TLS (1) eap_peap: TLS Length 235 (1) eap_peap: Length Included (1) eap_peap: eaptls_verify returned 11 (1) eap_peap: (other): before/accept initialization (1) eap_peap: TLS_accept: before/accept initialization (1) eap_peap: <<< TLS 1.0 Handshake [length 00e6], ClientHello (1) eap_peap: TLS_accept: SSLv3 read client hello A (1) eap_peap: >>> TLS 1.0 Handshake [length 005e], ServerHello (1) eap_peap: TLS_accept: SSLv3 write server hello A (1) eap_peap: >>> TLS 1.0 Handshake [length 0f60], Certificate (1) eap_peap: TLS_accept: SSLv3 write certificate A (1) eap_peap: >>> TLS 1.0 Handshake [length 014b], ServerKeyExchange (1) eap_peap: TLS_accept: SSLv3 write key exchange A (1) eap_peap: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone (1) eap_peap: TLS_accept: SSLv3 write server done A (1) eap_peap: TLS_accept: SSLv3 flush data (1) eap_peap: TLS_accept: Need to read more data: SSLv3 read client certificate A (1) eap_peap: TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode (1) eap_peap: eaptls_process returned 13 (1) eap_peap: FR_TLS_HANDLED (1) eduroam_eap: EAP session adding &reply:State = 0x78fd83c079fe9aaa (1) [eduroam_eap] = handled (1) } # Auth-Type eduroam_eap = handled (1) Using Post-Auth-Type Challenge (1) # Executing group from file /usr/local/etc/raddb/sites-enabled/eduroam (1) Sent Access-Challenge Id 217 from 160.36.188.35:1812 to 10.5.0.11:36258 length 1068 (1) Reply-Message = '' (1) EAP-Message = 0x010303ec19c000001121160301005e0200005a0301552c25f722b5183c0b7bf913961283006582909bd37ed4788a6c5a8e647839a620659a93f60c9895b2494d0a6f17c7a19f3e2df68c1cf134d2b748d33d4dc25b29c014000012ff01000100000b000403000102000f0001011603010f600b000f5c00 (1) Message-Authenticator = 0x00000000000000000000000000000000 (1) State = 0x78fd83c079fe9aaab77aabb1eee2fef2 (1) Finished request Waking up in 0.3 seconds. (2) Received Access-Request Id 221 from 10.5.0.11:36258 to 160.36.188.35:1812 length 227 (2) User-Name = 'asdf@utk.edu' (2) NAS-IP-Address = 10.5.1.52 (2) NAS-Port = 0 (2) NAS-Identifier = 'eduroam' (2) NAS-Port-Type = Wireless-802.11 (2) Calling-Station-Id = '606720b6d928' (2) Called-Station-Id = '001a1e00cc48' (2) Service-Type = Login-User (2) Framed-MTU = 1100 (2) EAP-Message = 0x020300061900 (2) State = 0x78fd83c079fe9aaab77aabb1eee2fef2 (2) Aruba-Essid-Name = 'frtest-eduroam' (2) Aruba-Location-Id = 'WMN-01-04' (2) Aruba-AP-Group = 'MN - Kingston Pike Building' (2) Message-Authenticator = 0xb6166bfd97d9d3cd54961e6ef7790980 (2) session-state: No cached attributes (2) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/eduroam (2) authorize { (2) if ( NAS-Identifier != 'eduroam' ) { (2) if ( NAS-Identifier != 'eduroam' ) -> FALSE (2) update control { (2) &Cache-Status-Only = yes (2) } # update control = noop (2) eduroam_inner_cache: EXPAND %{User-Name} (2) eduroam_inner_cache: --> asdf@utk.edu rlm_cache (eduroam_inner_cache): Reserved connection (4) (2) eduroam_inner_cache: Retrieved 223 bytes from memcached (2) eduroam_inner_cache: &Cache-Expires = 1428971063 &Cache-Created = 1428956663 &control:Aruba-User-Role := 'eduroam-student' &Stripped-User-Name = 'asdf' &Realm = 'utk.edu' &reply:Reply-Message += 'Cache last updated at Mon Apr 13 16:24:23 2015' (2) eduroam_inner_cache: Found entry for "asdf@utk.edu" rlm_cache (eduroam_inner_cache): Released connection (4) (2) [eduroam_inner_cache] = ok (2) if (notfound) { (2) if (notfound) -> FALSE (2) else { (2) update control { (2) &Cache-Read-Only = yes (2) &Cache-Merge = yes (2) } # update control = noop (2) } # else = noop (2) eduroam_inner_cache: EXPAND %{User-Name} (2) eduroam_inner_cache: --> asdf@utk.edu rlm_cache (eduroam_inner_cache): Reserved connection (4) (2) eduroam_inner_cache: Retrieved 223 bytes from memcached (2) eduroam_inner_cache: &Cache-Expires = 1428971063 &Cache-Created = 1428956663 &control:Aruba-User-Role := 'eduroam-student' &Stripped-User-Name = 'asdf' &Realm = 'utk.edu' &reply:Reply-Message += 'Cache last updated at Mon Apr 13 16:24:23 2015' (2) eduroam_inner_cache: Found entry for "asdf@utk.edu" (2) eduroam_inner_cache: Merging cache entry into request (2) eduroam_inner_cache: &control:Aruba-User-Role = '' (2) eduroam_inner_cache: &request:Stripped-User-Name = '' (2) eduroam_inner_cache: &request:Realm = '' (2) eduroam_inner_cache: &reply:Reply-Message = '' rlm_cache (eduroam_inner_cache): Released connection (4) (2) [eduroam_inner_cache] = ok (2) policy debug_all { (2) policy debug_control { (2) if ("%{debug_attr:control:}" == '') { (2) Attributes matching "control:" (2) &control:Cache-Merge = yes (2) &control:Aruba-User-Role = (2) EXPAND %{debug_attr:control:} (2) --> (2) if ("%{debug_attr:control:}" == '') -> TRUE (2) if ("%{debug_attr:control:}" == '') { (2) [noop] = noop (2) } # if ("%{debug_attr:control:}" == '') = noop (2) } # policy debug_control = noop (2) policy debug_request { (2) if ("%{debug_attr:request:}" == '') { (2) Attributes matching "request:" (2) &request:User-Name = asdf@utk.edu (2) &request:NAS-IP-Address = 10.5.1.52 (2) &request:NAS-Port = 0 (2) &request:NAS-Identifier = eduroam (2) &request:NAS-Port-Type = Wireless-802.11 (2) &request:Calling-Station-Id = 606720b6d928 (2) &request:Called-Station-Id = 001a1e00cc48 (2) &request:Service-Type = Login-User (2) &request:Framed-MTU = 1100 (2) &request:EAP-Message = 0x020300061900 (2) &request:State = 0x78fd83c079fe9aaab77aabb1eee2fef2 (2) &request:Aruba-Essid-Name = frtest-eduroam (2) &request:Aruba-Location-Id = WMN-01-04 (2) &request:Aruba-AP-Group = MN - Kingston Pike Building (2) &request:Message-Authenticator = 0xb6166bfd97d9d3cd54961e6ef7790980 (2) &request:Stripped-User-Name = (2) &request:Realm = (2) EXPAND %{debug_attr:request:} (2) --> (2) if ("%{debug_attr:request:}" == '') -> TRUE (2) if ("%{debug_attr:request:}" == '') { (2) [noop] = noop (2) } # if ("%{debug_attr:request:}" == '') = noop (2) } # policy debug_request = noop (2) policy debug_reply { (2) if ("%{debug_attr:reply:}" == '') { (2) Attributes matching "reply:" (2) &reply:Reply-Message = (2) EXPAND %{debug_attr:reply:} (2) --> (2) if ("%{debug_attr:reply:}" == '') -> TRUE (2) if ("%{debug_attr:reply:}" == '') { (2) [noop] = noop (2) } # if ("%{debug_attr:reply:}" == '') = noop (2) } # policy debug_reply = noop (2) } # policy debug_all = noop (2) eduroam_eap: Peer sent code Response (2) ID 3 length 6 (2) eduroam_eap: Continuing tunnel setup (2) [eduroam_eap] = ok (2) [mschap] = noop (2) [chap] = noop (2) [pap] = noop (2) } # authorize = ok (2) Found Auth-Type = eduroam_eap (2) # Executing group from file /usr/local/etc/raddb/sites-enabled/eduroam (2) Auth-Type eduroam_eap { (2) eduroam_eap: Expiring EAP session with state 0x78fd83c079fe9aaa (2) eduroam_eap: Finished EAP session with state 0x78fd83c079fe9aaa (2) eduroam_eap: Previous EAP request found for state 0x78fd83c079fe9aaa, released from the list (2) eduroam_eap: Peer sent method PEAP (25) (2) eduroam_eap: EAP PEAP (25) (2) eduroam_eap: Calling eap_peap to process EAP data (2) eap_peap: processing EAP-TLS (2) eap_peap: Received TLS ACK (2) eap_peap: Received TLS ACK (2) eap_peap: ACK handshake fragment handler (2) eap_peap: eaptls_verify returned 1 (2) eap_peap: eaptls_process returned 13 (2) eap_peap: FR_TLS_HANDLED (2) eduroam_eap: EAP session adding &reply:State = 0x78fd83c07af99aaa (2) [eduroam_eap] = handled (2) } # Auth-Type eduroam_eap = handled (2) Using Post-Auth-Type Challenge (2) # Executing group from file /usr/local/etc/raddb/sites-enabled/eduroam (2) Sent Access-Challenge Id 221 from 160.36.188.35:1812 to 10.5.0.11:36258 length 1064 (2) Reply-Message = '' (2) EAP-Message = 0x010403e819407ca82396300e0603551d0f0101ff0404030205a0300c0603551d130101ff04023000301d0603551d250416301406082b0601050507030106082b0601050507030230460603551d20043f303d303b060c2b06010401b2310102010304302b302906082b06010505070201161d6874747073 (2) Message-Authenticator = 0x00000000000000000000000000000000 (2) State = 0x78fd83c07af99aaab77aabb1eee2fef2 (2) Finished request Waking up in 0.3 seconds. (3) Received Access-Request Id 218 from 10.5.0.11:36258 to 160.36.188.35:1812 length 227 (3) User-Name = 'asdf@utk.edu' (3) NAS-IP-Address = 10.5.1.52 (3) NAS-Port = 0 (3) NAS-Identifier = 'eduroam' (3) NAS-Port-Type = Wireless-802.11 (3) Calling-Station-Id = '606720b6d928' (3) Called-Station-Id = '001a1e00cc48' (3) Service-Type = Login-User (3) Framed-MTU = 1100 (3) EAP-Message = 0x020400061900 (3) State = 0x78fd83c07af99aaab77aabb1eee2fef2 (3) Aruba-Essid-Name = 'frtest-eduroam' (3) Aruba-Location-Id = 'WMN-01-04' (3) Aruba-AP-Group = 'MN - Kingston Pike Building' (3) Message-Authenticator = 0x1a52bac0281c62b36d84abfb379f76a5 (3) session-state: No cached attributes (3) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/eduroam (3) authorize { (3) if ( NAS-Identifier != 'eduroam' ) { (3) if ( NAS-Identifier != 'eduroam' ) -> FALSE (3) update control { (3) &Cache-Status-Only = yes (3) } # update control = noop (3) eduroam_inner_cache: EXPAND %{User-Name} (3) eduroam_inner_cache: --> asdf@utk.edu rlm_cache (eduroam_inner_cache): Reserved connection (4) (3) eduroam_inner_cache: Retrieved 223 bytes from memcached (3) eduroam_inner_cache: &Cache-Expires = 1428971063 &Cache-Created = 1428956663 &control:Aruba-User-Role := 'eduroam-student' &Stripped-User-Name = 'asdf' &Realm = 'utk.edu' &reply:Reply-Message += 'Cache last updated at Mon Apr 13 16:24:23 2015' (3) eduroam_inner_cache: Found entry for "asdf@utk.edu" rlm_cache (eduroam_inner_cache): Released connection (4) (3) [eduroam_inner_cache] = ok (3) if (notfound) { (3) if (notfound) -> FALSE (3) else { (3) update control { (3) &Cache-Read-Only = yes (3) &Cache-Merge = yes (3) } # update control = noop (3) } # else = noop (3) eduroam_inner_cache: EXPAND %{User-Name} (3) eduroam_inner_cache: --> asdf@utk.edu rlm_cache (eduroam_inner_cache): Reserved connection (4) (3) eduroam_inner_cache: Retrieved 223 bytes from memcached (3) eduroam_inner_cache: &Cache-Expires = 1428971063 &Cache-Created = 1428956663 &control:Aruba-User-Role := 'eduroam-student' &Stripped-User-Name = 'asdf' &Realm = 'utk.edu' &reply:Reply-Message += 'Cache last updated at Mon Apr 13 16:24:23 2015' (3) eduroam_inner_cache: Found entry for "asdf@utk.edu" (3) eduroam_inner_cache: Merging cache entry into request (3) eduroam_inner_cache: &control:Aruba-User-Role = '' (3) eduroam_inner_cache: &request:Stripped-User-Name = '' (3) eduroam_inner_cache: &request:Realm = '' (3) eduroam_inner_cache: &reply:Reply-Message = '' rlm_cache (eduroam_inner_cache): Released connection (4) (3) [eduroam_inner_cache] = ok (3) policy debug_all { (3) policy debug_control { (3) if ("%{debug_attr:control:}" == '') { (3) Attributes matching "control:" (3) &control:Cache-Merge = yes (3) &control:Aruba-User-Role = (3) EXPAND %{debug_attr:control:} (3) --> (3) if ("%{debug_attr:control:}" == '') -> TRUE (3) if ("%{debug_attr:control:}" == '') { (3) [noop] = noop (3) } # if ("%{debug_attr:control:}" == '') = noop (3) } # policy debug_control = noop (3) policy debug_request { (3) if ("%{debug_attr:request:}" == '') { (3) Attributes matching "request:" (3) &request:User-Name = asdf@utk.edu (3) &request:NAS-IP-Address = 10.5.1.52 (3) &request:NAS-Port = 0 (3) &request:NAS-Identifier = eduroam (3) &request:NAS-Port-Type = Wireless-802.11 (3) &request:Calling-Station-Id = 606720b6d928 (3) &request:Called-Station-Id = 001a1e00cc48 (3) &request:Service-Type = Login-User (3) &request:Framed-MTU = 1100 (3) &request:EAP-Message = 0x020400061900 (3) &request:State = 0x78fd83c07af99aaab77aabb1eee2fef2 (3) &request:Aruba-Essid-Name = frtest-eduroam (3) &request:Aruba-Location-Id = WMN-01-04 (3) &request:Aruba-AP-Group = MN - Kingston Pike Building (3) &request:Message-Authenticator = 0x1a52bac0281c62b36d84abfb379f76a5 (3) &request:Stripped-User-Name = (3) &request:Realm = (3) EXPAND %{debug_attr:request:} (3) --> (3) if ("%{debug_attr:request:}" == '') -> TRUE (3) if ("%{debug_attr:request:}" == '') { (3) [noop] = noop (3) } # if ("%{debug_attr:request:}" == '') = noop (3) } # policy debug_request = noop (3) policy debug_reply { (3) if ("%{debug_attr:reply:}" == '') { (3) Attributes matching "reply:" (3) &reply:Reply-Message = (3) EXPAND %{debug_attr:reply:} (3) --> (3) if ("%{debug_attr:reply:}" == '') -> TRUE (3) if ("%{debug_attr:reply:}" == '') { (3) [noop] = noop (3) } # if ("%{debug_attr:reply:}" == '') = noop (3) } # policy debug_reply = noop (3) } # policy debug_all = noop (3) eduroam_eap: Peer sent code Response (2) ID 4 length 6 (3) eduroam_eap: Continuing tunnel setup (3) [eduroam_eap] = ok (3) [mschap] = noop (3) [chap] = noop (3) [pap] = noop (3) } # authorize = ok (3) Found Auth-Type = eduroam_eap (3) # Executing group from file /usr/local/etc/raddb/sites-enabled/eduroam (3) Auth-Type eduroam_eap { (3) eduroam_eap: Expiring EAP session with state 0x78fd83c07af99aaa (3) eduroam_eap: Finished EAP session with state 0x78fd83c07af99aaa (3) eduroam_eap: Previous EAP request found for state 0x78fd83c07af99aaa, released from the list (3) eduroam_eap: Peer sent method PEAP (25) (3) eduroam_eap: EAP PEAP (25) (3) eduroam_eap: Calling eap_peap to process EAP data (3) eap_peap: processing EAP-TLS (3) eap_peap: Received TLS ACK (3) eap_peap: Received TLS ACK (3) eap_peap: ACK handshake fragment handler (3) eap_peap: eaptls_verify returned 1 (3) eap_peap: eaptls_process returned 13 (3) eap_peap: FR_TLS_HANDLED (3) eduroam_eap: EAP session adding &reply:State = 0x78fd83c07bf89aaa (3) [eduroam_eap] = handled (3) } # Auth-Type eduroam_eap = handled (3) Using Post-Auth-Type Challenge (3) # Executing group from file /usr/local/etc/raddb/sites-enabled/eduroam (3) Sent Access-Challenge Id 218 from 160.36.188.35:1812 to 10.5.0.11:36258 length 1064 (3) Reply-Message = '' (3) EAP-Message = 0x010503e8194065205365637572652053657276657220434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e787dac077e4bb3afa6a24c88041acd21613153dfaf7f82a76dca82d3908ce484abe0f7df0debabb47d5bd2dd71bab0f2081230872b1c011950de6eaa987 (3) Message-Authenticator = 0x00000000000000000000000000000000 (3) State = 0x78fd83c07bf89aaab77aabb1eee2fef2 (3) Finished request Waking up in 0.3 seconds. (4) Received Access-Request Id 222 from 10.5.0.11:36258 to 160.36.188.35:1812 length 227 (4) User-Name = 'asdf@utk.edu' (4) NAS-IP-Address = 10.5.1.52 (4) NAS-Port = 0 (4) NAS-Identifier = 'eduroam' (4) NAS-Port-Type = Wireless-802.11 (4) Calling-Station-Id = '606720b6d928' (4) Called-Station-Id = '001a1e00cc48' (4) Service-Type = Login-User (4) Framed-MTU = 1100 (4) EAP-Message = 0x020500061900 (4) State = 0x78fd83c07bf89aaab77aabb1eee2fef2 (4) Aruba-Essid-Name = 'frtest-eduroam' (4) Aruba-Location-Id = 'WMN-01-04' (4) Aruba-AP-Group = 'MN - Kingston Pike Building' (4) Message-Authenticator = 0xd3f9a55a0631ff43b73e67c49b105685 (4) session-state: No cached attributes (4) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/eduroam (4) authorize { (4) if ( NAS-Identifier != 'eduroam' ) { (4) if ( NAS-Identifier != 'eduroam' ) -> FALSE (4) update control { (4) &Cache-Status-Only = yes (4) } # update control = noop (4) eduroam_inner_cache: EXPAND %{User-Name} (4) eduroam_inner_cache: --> asdf@utk.edu rlm_cache (eduroam_inner_cache): Reserved connection (4) (4) eduroam_inner_cache: Retrieved 223 bytes from memcached (4) eduroam_inner_cache: &Cache-Expires = 1428971063 &Cache-Created = 1428956663 &control:Aruba-User-Role := 'eduroam-student' &Stripped-User-Name = 'asdf' &Realm = 'utk.edu' &reply:Reply-Message += 'Cache last updated at Mon Apr 13 16:24:23 2015' (4) eduroam_inner_cache: Found entry for "asdf@utk.edu" rlm_cache (eduroam_inner_cache): Released connection (4) (4) [eduroam_inner_cache] = ok (4) if (notfound) { (4) if (notfound) -> FALSE (4) else { (4) update control { (4) &Cache-Read-Only = yes (4) &Cache-Merge = yes (4) } # update control = noop (4) } # else = noop (4) eduroam_inner_cache: EXPAND %{User-Name} (4) eduroam_inner_cache: --> asdf@utk.edu rlm_cache (eduroam_inner_cache): Reserved connection (4) (4) eduroam_inner_cache: Retrieved 223 bytes from memcached (4) eduroam_inner_cache: &Cache-Expires = 1428971063 &Cache-Created = 1428956663 &control:Aruba-User-Role := 'eduroam-student' &Stripped-User-Name = 'asdf' &Realm = 'utk.edu' &reply:Reply-Message += 'Cache last updated at Mon Apr 13 16:24:23 2015' (4) eduroam_inner_cache: Found entry for "asdf@utk.edu" (4) eduroam_inner_cache: Merging cache entry into request (4) eduroam_inner_cache: &control:Aruba-User-Role = '' (4) eduroam_inner_cache: &request:Stripped-User-Name = '' (4) eduroam_inner_cache: &request:Realm = '' (4) eduroam_inner_cache: &reply:Reply-Message = '' rlm_cache (eduroam_inner_cache): Released connection (4) (4) [eduroam_inner_cache] = ok (4) policy debug_all { (4) policy debug_control { (4) if ("%{debug_attr:control:}" == '') { (4) Attributes matching "control:" (4) &control:Cache-Merge = yes (4) &control:Aruba-User-Role = (4) EXPAND %{debug_attr:control:} (4) --> (4) if ("%{debug_attr:control:}" == '') -> TRUE (4) if ("%{debug_attr:control:}" == '') { (4) [noop] = noop (4) } # if ("%{debug_attr:control:}" == '') = noop (4) } # policy debug_control = noop (4) policy debug_request { (4) if ("%{debug_attr:request:}" == '') { (4) Attributes matching "request:" (4) &request:User-Name = asdf@utk.edu (4) &request:NAS-IP-Address = 10.5.1.52 (4) &request:NAS-Port = 0 (4) &request:NAS-Identifier = eduroam (4) &request:NAS-Port-Type = Wireless-802.11 (4) &request:Calling-Station-Id = 606720b6d928 (4) &request:Called-Station-Id = 001a1e00cc48 (4) &request:Service-Type = Login-User (4) &request:Framed-MTU = 1100 (4) &request:EAP-Message = 0x020500061900 (4) &request:State = 0x78fd83c07bf89aaab77aabb1eee2fef2 (4) &request:Aruba-Essid-Name = frtest-eduroam (4) &request:Aruba-Location-Id = WMN-01-04 (4) &request:Aruba-AP-Group = MN - Kingston Pike Building (4) &request:Message-Authenticator = 0xd3f9a55a0631ff43b73e67c49b105685 (4) &request:Stripped-User-Name = (4) &request:Realm = (4) EXPAND %{debug_attr:request:} (4) --> (4) if ("%{debug_attr:request:}" == '') -> TRUE (4) if ("%{debug_attr:request:}" == '') { (4) [noop] = noop (4) } # if ("%{debug_attr:request:}" == '') = noop (4) } # policy debug_request = noop (4) policy debug_reply { (4) if ("%{debug_attr:reply:}" == '') { (4) Attributes matching "reply:" (4) &reply:Reply-Message = (4) EXPAND %{debug_attr:reply:} (4) --> (4) if ("%{debug_attr:reply:}" == '') -> TRUE (4) if ("%{debug_attr:reply:}" == '') { (4) [noop] = noop (4) } # if ("%{debug_attr:reply:}" == '') = noop (4) } # policy debug_reply = noop (4) } # policy debug_all = noop (4) eduroam_eap: Peer sent code Response (2) ID 5 length 6 (4) eduroam_eap: Continuing tunnel setup (4) [eduroam_eap] = ok (4) [mschap] = noop (4) [chap] = noop (4) [pap] = noop (4) } # authorize = ok (4) Found Auth-Type = eduroam_eap (4) # Executing group from file /usr/local/etc/raddb/sites-enabled/eduroam (4) Auth-Type eduroam_eap { (4) eduroam_eap: Expiring EAP session with state 0x78fd83c07bf89aaa (4) eduroam_eap: Finished EAP session with state 0x78fd83c07bf89aaa (4) eduroam_eap: Previous EAP request found for state 0x78fd83c07bf89aaa, released from the list (4) eduroam_eap: Peer sent method PEAP (25) (4) eduroam_eap: EAP PEAP (25) (4) eduroam_eap: Calling eap_peap to process EAP data (4) eap_peap: processing EAP-TLS (4) eap_peap: Received TLS ACK (4) eap_peap: Received TLS ACK (4) eap_peap: ACK handshake fragment handler (4) eap_peap: eaptls_verify returned 1 (4) eap_peap: eaptls_process returned 13 (4) eap_peap: FR_TLS_HANDLED (4) eduroam_eap: EAP session adding &reply:State = 0x78fd83c07cfb9aaa (4) [eduroam_eap] = handled (4) } # Auth-Type eduroam_eap = handled (4) Using Post-Auth-Type Challenge (4) # Executing group from file /usr/local/etc/raddb/sites-enabled/eduroam (4) Sent Access-Challenge Id 222 from 160.36.188.35:1812 to 10.5.0.11:36258 length 1064 (4) Reply-Message = '' (4) EAP-Message = 0x010603e81940f70d0101050500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20 (4) Message-Authenticator = 0x00000000000000000000000000000000 (4) State = 0x78fd83c07cfb9aaab77aabb1eee2fef2 (4) Finished request Waking up in 0.3 seconds. (5) Received Access-Request Id 220 from 10.5.0.11:36258 to 160.36.188.35:1812 length 227 (5) User-Name = 'asdf@utk.edu' (5) NAS-IP-Address = 10.5.1.52 (5) NAS-Port = 0 (5) NAS-Identifier = 'eduroam' (5) NAS-Port-Type = Wireless-802.11 (5) Calling-Station-Id = '606720b6d928' (5) Called-Station-Id = '001a1e00cc48' (5) Service-Type = Login-User (5) Framed-MTU = 1100 (5) EAP-Message = 0x020600061900 (5) State = 0x78fd83c07cfb9aaab77aabb1eee2fef2 (5) Aruba-Essid-Name = 'frtest-eduroam' (5) Aruba-Location-Id = 'WMN-01-04' (5) Aruba-AP-Group = 'MN - Kingston Pike Building' (5) Message-Authenticator = 0x54cfd0571953c8659ffa15dba1462790 (5) session-state: No cached attributes (5) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/eduroam (5) authorize { (5) if ( NAS-Identifier != 'eduroam' ) { (5) if ( NAS-Identifier != 'eduroam' ) -> FALSE (5) update control { (5) &Cache-Status-Only = yes (5) } # update control = noop (5) eduroam_inner_cache: EXPAND %{User-Name} (5) eduroam_inner_cache: --> asdf@utk.edu rlm_cache (eduroam_inner_cache): Reserved connection (4) (5) eduroam_inner_cache: Retrieved 223 bytes from memcached (5) eduroam_inner_cache: &Cache-Expires = 1428971063 &Cache-Created = 1428956663 &control:Aruba-User-Role := 'eduroam-student' &Stripped-User-Name = 'asdf' &Realm = 'utk.edu' &reply:Reply-Message += 'Cache last updated at Mon Apr 13 16:24:23 2015' (5) eduroam_inner_cache: Found entry for "asdf@utk.edu" rlm_cache (eduroam_inner_cache): Released connection (4) (5) [eduroam_inner_cache] = ok (5) if (notfound) { (5) if (notfound) -> FALSE (5) else { (5) update control { (5) &Cache-Read-Only = yes (5) &Cache-Merge = yes (5) } # update control = noop (5) } # else = noop (5) eduroam_inner_cache: EXPAND %{User-Name} (5) eduroam_inner_cache: --> asdf@utk.edu rlm_cache (eduroam_inner_cache): Reserved connection (4) (5) eduroam_inner_cache: Retrieved 223 bytes from memcached (5) eduroam_inner_cache: &Cache-Expires = 1428971063 &Cache-Created = 1428956663 &control:Aruba-User-Role := 'eduroam-student' &Stripped-User-Name = 'asdf' &Realm = 'utk.edu' &reply:Reply-Message += 'Cache last updated at Mon Apr 13 16:24:23 2015' (5) eduroam_inner_cache: Found entry for "asdf@utk.edu" (5) eduroam_inner_cache: Merging cache entry into request (5) eduroam_inner_cache: &control:Aruba-User-Role = '' (5) eduroam_inner_cache: &request:Stripped-User-Name = '' (5) eduroam_inner_cache: &request:Realm = '' (5) eduroam_inner_cache: &reply:Reply-Message = '' rlm_cache (eduroam_inner_cache): Released connection (4) (5) [eduroam_inner_cache] = ok (5) policy debug_all { (5) policy debug_control { (5) if ("%{debug_attr:control:}" == '') { (5) Attributes matching "control:" (5) &control:Cache-Merge = yes (5) &control:Aruba-User-Role = (5) EXPAND %{debug_attr:control:} (5) --> (5) if ("%{debug_attr:control:}" == '') -> TRUE (5) if ("%{debug_attr:control:}" == '') { (5) [noop] = noop (5) } # if ("%{debug_attr:control:}" == '') = noop (5) } # policy debug_control = noop (5) policy debug_request { (5) if ("%{debug_attr:request:}" == '') { (5) Attributes matching "request:" (5) &request:User-Name = asdf@utk.edu (5) &request:NAS-IP-Address = 10.5.1.52 (5) &request:NAS-Port = 0 (5) &request:NAS-Identifier = eduroam (5) &request:NAS-Port-Type = Wireless-802.11 (5) &request:Calling-Station-Id = 606720b6d928 (5) &request:Called-Station-Id = 001a1e00cc48 (5) &request:Service-Type = Login-User (5) &request:Framed-MTU = 1100 (5) &request:EAP-Message = 0x020600061900 (5) &request:State = 0x78fd83c07cfb9aaab77aabb1eee2fef2 (5) &request:Aruba-Essid-Name = frtest-eduroam (5) &request:Aruba-Location-Id = WMN-01-04 (5) &request:Aruba-AP-Group = MN - Kingston Pike Building (5) &request:Message-Authenticator = 0x54cfd0571953c8659ffa15dba1462790 (5) &request:Stripped-User-Name = (5) &request:Realm = (5) EXPAND %{debug_attr:request:} (5) --> (5) if ("%{debug_attr:request:}" == '') -> TRUE (5) if ("%{debug_attr:request:}" == '') { (5) [noop] = noop (5) } # if ("%{debug_attr:request:}" == '') = noop (5) } # policy debug_request = noop (5) policy debug_reply { (5) if ("%{debug_attr:reply:}" == '') { (5) Attributes matching "reply:" (5) &reply:Reply-Message = (5) EXPAND %{debug_attr:reply:} (5) --> (5) if ("%{debug_attr:reply:}" == '') -> TRUE (5) if ("%{debug_attr:reply:}" == '') { (5) [noop] = noop (5) } # if ("%{debug_attr:reply:}" == '') = noop (5) } # policy debug_reply = noop (5) } # policy debug_all = noop (5) eduroam_eap: Peer sent code Response (2) ID 6 length 6 (5) eduroam_eap: Continuing tunnel setup (5) [eduroam_eap] = ok (5) [mschap] = noop (5) [chap] = noop (5) [pap] = noop (5) } # authorize = ok (5) Found Auth-Type = eduroam_eap (5) # Executing group from file /usr/local/etc/raddb/sites-enabled/eduroam (5) Auth-Type eduroam_eap { (5) eduroam_eap: Expiring EAP session with state 0x78fd83c07cfb9aaa (5) eduroam_eap: Finished EAP session with state 0x78fd83c07cfb9aaa (5) eduroam_eap: Previous EAP request found for state 0x78fd83c07cfb9aaa, released from the list (5) eduroam_eap: Peer sent method PEAP (25) (5) eduroam_eap: EAP PEAP (25) (5) eduroam_eap: Calling eap_peap to process EAP data (5) eap_peap: processing EAP-TLS (5) eap_peap: Received TLS ACK (5) eap_peap: Received TLS ACK (5) eap_peap: ACK handshake fragment handler (5) eap_peap: eaptls_verify returned 1 (5) eap_peap: eaptls_process returned 13 (5) eap_peap: FR_TLS_HANDLED (5) eduroam_eap: EAP session adding &reply:State = 0x78fd83c07dfa9aaa (5) [eduroam_eap] = handled (5) } # Auth-Type eduroam_eap = handled (5) Using Post-Auth-Type Challenge (5) # Executing group from file /usr/local/etc/raddb/sites-enabled/eduroam (5) Sent Access-Challenge Id 220 from 160.36.188.35:1812 to 10.5.0.11:36258 length 475 (5) Reply-Message = '' (5) EAP-Message = 0x0107019f19000f9acdc80e9e8e2e1be18c9883cb1f31f1444cc604734976600fc7f8bd17806b2ee9cc4c0e5a9a790f200a2ed59e63261e559294d882175a7bd0bcc78f4e8604160301014b0c0001470300174104e7307f8f3b83951a570ca76c116b1d6bb372c053d20ed2da547ab41b3583287da1d25d (5) Message-Authenticator = 0x00000000000000000000000000000000 (5) State = 0x78fd83c07dfa9aaab77aabb1eee2fef2 (5) Finished request Waking up in 0.2 seconds. (6) Received Access-Request Id 223 from 10.5.0.11:36258 to 160.36.188.35:1812 length 365 (6) User-Name = 'asdf@utk.edu' (6) NAS-IP-Address = 10.5.1.52 (6) NAS-Port = 0 (6) NAS-Identifier = 'eduroam' (6) NAS-Port-Type = Wireless-802.11 (6) Calling-Station-Id = '606720b6d928' (6) Called-Station-Id = '001a1e00cc48' (6) Service-Type = Login-User (6) Framed-MTU = 1100 (6) EAP-Message = 0x020700901980000000861603010046100000424104547844f64d2493fdfda8a74e36206c2405b73b029b1d80fad1aec54e39c8701fbadf066207d00312568d2bf363d8c43666efc7e0f33e0bbe70d7ea62ece1b00114030100010116030100309bc7095a56071f89f1f53cbabc2e106994290f450ad811 (6) State = 0x78fd83c07dfa9aaab77aabb1eee2fef2 (6) Aruba-Essid-Name = 'frtest-eduroam' (6) Aruba-Location-Id = 'WMN-01-04' (6) Aruba-AP-Group = 'MN - Kingston Pike Building' (6) Message-Authenticator = 0xb3705182ab84f0a52238ca5b5614342d (6) session-state: No cached attributes (6) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/eduroam (6) authorize { (6) if ( NAS-Identifier != 'eduroam' ) { (6) if ( NAS-Identifier != 'eduroam' ) -> FALSE (6) update control { (6) &Cache-Status-Only = yes (6) } # update control = noop (6) eduroam_inner_cache: EXPAND %{User-Name} (6) eduroam_inner_cache: --> asdf@utk.edu rlm_cache (eduroam_inner_cache): Reserved connection (4) (6) eduroam_inner_cache: Retrieved 223 bytes from memcached (6) eduroam_inner_cache: &Cache-Expires = 1428971063 &Cache-Created = 1428956663 &control:Aruba-User-Role := 'eduroam-student' &Stripped-User-Name = 'asdf' &Realm = 'utk.edu' &reply:Reply-Message += 'Cache last updated at Mon Apr 13 16:24:23 2015' (6) eduroam_inner_cache: Found entry for "asdf@utk.edu" rlm_cache (eduroam_inner_cache): Released connection (4) (6) [eduroam_inner_cache] = ok (6) if (notfound) { (6) if (notfound) -> FALSE (6) else { (6) update control { (6) &Cache-Read-Only = yes (6) &Cache-Merge = yes (6) } # update control = noop (6) } # else = noop (6) eduroam_inner_cache: EXPAND %{User-Name} (6) eduroam_inner_cache: --> asdf@utk.edu rlm_cache (eduroam_inner_cache): Reserved connection (4) (6) eduroam_inner_cache: Retrieved 223 bytes from memcached (6) eduroam_inner_cache: &Cache-Expires = 1428971063 &Cache-Created = 1428956663 &control:Aruba-User-Role := 'eduroam-student' &Stripped-User-Name = 'asdf' &Realm = 'utk.edu' &reply:Reply-Message += 'Cache last updated at Mon Apr 13 16:24:23 2015' (6) eduroam_inner_cache: Found entry for "asdf@utk.edu" (6) eduroam_inner_cache: Merging cache entry into request (6) eduroam_inner_cache: &control:Aruba-User-Role = '' (6) eduroam_inner_cache: &request:Stripped-User-Name = '' (6) eduroam_inner_cache: &request:Realm = '' (6) eduroam_inner_cache: &reply:Reply-Message = '' rlm_cache (eduroam_inner_cache): Released connection (4) (6) [eduroam_inner_cache] = ok (6) policy debug_all { (6) policy debug_control { (6) if ("%{debug_attr:control:}" == '') { (6) Attributes matching "control:" (6) &control:Cache-Merge = yes (6) &control:Aruba-User-Role = (6) EXPAND %{debug_attr:control:} (6) --> (6) if ("%{debug_attr:control:}" == '') -> TRUE (6) if ("%{debug_attr:control:}" == '') { (6) [noop] = noop (6) } # if ("%{debug_attr:control:}" == '') = noop (6) } # policy debug_control = noop (6) policy debug_request { (6) if ("%{debug_attr:request:}" == '') { (6) Attributes matching "request:" (6) &request:User-Name = asdf@utk.edu (6) &request:NAS-IP-Address = 10.5.1.52 (6) &request:NAS-Port = 0 (6) &request:NAS-Identifier = eduroam (6) &request:NAS-Port-Type = Wireless-802.11 (6) &request:Calling-Station-Id = 606720b6d928 (6) &request:Called-Station-Id = 001a1e00cc48 (6) &request:Service-Type = Login-User (6) &request:Framed-MTU = 1100 (6) &request:EAP-Message = 0x020700901980000000861603010046100000424104547844f64d2493fdfda8a74e36206c2405b73b029b1d80fad1aec54e39c8701fbadf066207d00312568d2bf363d8c43666efc7e0f33e0bbe70d7ea62ece1b00114030100010116030100309bc7095a56071f89f1f53cbabc2e106994290f450ad8117fc1519ce44abcd4bc479016fd26bcc34a4a4451c0860afdac (6) &request:State = 0x78fd83c07dfa9aaab77aabb1eee2fef2 (6) &request:Aruba-Essid-Name = frtest-eduroam (6) &request:Aruba-Location-Id = WMN-01-04 (6) &request:Aruba-AP-Group = MN - Kingston Pike Building (6) &request:Message-Authenticator = 0xb3705182ab84f0a52238ca5b5614342d (6) &request:Stripped-User-Name = (6) &request:Realm = (6) EXPAND %{debug_attr:request:} (6) --> (6) if ("%{debug_attr:request:}" == '') -> TRUE (6) if ("%{debug_attr:request:}" == '') { (6) [noop] = noop (6) } # if ("%{debug_attr:request:}" == '') = noop (6) } # policy debug_request = noop (6) policy debug_reply { (6) if ("%{debug_attr:reply:}" == '') { (6) Attributes matching "reply:" (6) &reply:Reply-Message = (6) EXPAND %{debug_attr:reply:} (6) --> (6) if ("%{debug_attr:reply:}" == '') -> TRUE (6) if ("%{debug_attr:reply:}" == '') { (6) [noop] = noop (6) } # if ("%{debug_attr:reply:}" == '') = noop (6) } # policy debug_reply = noop (6) } # policy debug_all = noop (6) eduroam_eap: Peer sent code Response (2) ID 7 length 144 (6) eduroam_eap: Continuing tunnel setup (6) [eduroam_eap] = ok (6) [mschap] = noop (6) [chap] = noop (6) [pap] = noop (6) } # authorize = ok (6) Found Auth-Type = eduroam_eap (6) # Executing group from file /usr/local/etc/raddb/sites-enabled/eduroam (6) Auth-Type eduroam_eap { (6) eduroam_eap: Expiring EAP session with state 0x78fd83c07dfa9aaa (6) eduroam_eap: Finished EAP session with state 0x78fd83c07dfa9aaa (6) eduroam_eap: Previous EAP request found for state 0x78fd83c07dfa9aaa, released from the list (6) eduroam_eap: Peer sent method PEAP (25) (6) eduroam_eap: EAP PEAP (25) (6) eduroam_eap: Calling eap_peap to process EAP data (6) eap_peap: processing EAP-TLS (6) eap_peap: TLS Length 134 (6) eap_peap: Length Included (6) eap_peap: eaptls_verify returned 11 (6) eap_peap: <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange (6) eap_peap: TLS_accept: SSLv3 read client key exchange A (6) eap_peap: <<< TLS 1.0 ChangeCipherSpec [length 0001] (6) eap_peap: <<< TLS 1.0 Handshake [length 0010], Finished (6) eap_peap: TLS_accept: SSLv3 read finished A (6) eap_peap: >>> TLS 1.0 ChangeCipherSpec [length 0001] (6) eap_peap: TLS_accept: SSLv3 write change cipher spec A (6) eap_peap: >>> TLS 1.0 Handshake [length 0010], Finished (6) eap_peap: TLS_accept: SSLv3 write finished A (6) eap_peap: TLS_accept: SSLv3 flush data SSL: adding session 659a93f60c9895b2494d0a6f17c7a19f3e2df68c1cf134d2b748d33d4dc25b29 to cache (6) eap_peap: (other): SSL negotiation finished successfully SSL Connection Established (6) eap_peap: eaptls_process returned 13 (6) eap_peap: FR_TLS_HANDLED (6) eduroam_eap: EAP session adding &reply:State = 0x78fd83c07ef59aaa (6) [eduroam_eap] = handled (6) } # Auth-Type eduroam_eap = handled (6) Using Post-Auth-Type Challenge (6) # Executing group from file /usr/local/etc/raddb/sites-enabled/eduroam (6) Sent Access-Challenge Id 223 from 160.36.188.35:1812 to 10.5.0.11:36258 length 123 (6) Reply-Message = '' (6) EAP-Message = 0x0108004119001403010001011603010030b161552d1758bc2d235dabd702696e6ed32c96d4c139721a156693e962938bd8c19b70de9641f50135cc569a177e1b1f (6) Message-Authenticator = 0x00000000000000000000000000000000 (6) State = 0x78fd83c07ef59aaab77aabb1eee2fef2 (6) Finished request Waking up in 0.2 seconds. (7) Received Access-Request Id 225 from 10.5.0.11:36258 to 160.36.188.35:1812 length 227 (7) User-Name = 'asdf@utk.edu' (7) NAS-IP-Address = 10.5.1.52 (7) NAS-Port = 0 (7) NAS-Identifier = 'eduroam' (7) NAS-Port-Type = Wireless-802.11 (7) Calling-Station-Id = '606720b6d928' (7) Called-Station-Id = '001a1e00cc48' (7) Service-Type = Login-User (7) Framed-MTU = 1100 (7) EAP-Message = 0x020800061900 (7) State = 0x78fd83c07ef59aaab77aabb1eee2fef2 (7) Aruba-Essid-Name = 'frtest-eduroam' (7) Aruba-Location-Id = 'WMN-01-04' (7) Aruba-AP-Group = 'MN - Kingston Pike Building' (7) Message-Authenticator = 0x1a5d0fc50c37b68fe2026350042c1dcb (7) session-state: No cached attributes (7) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/eduroam (7) authorize { (7) if ( NAS-Identifier != 'eduroam' ) { (7) if ( NAS-Identifier != 'eduroam' ) -> FALSE (7) update control { (7) &Cache-Status-Only = yes (7) } # update control = noop (7) eduroam_inner_cache: EXPAND %{User-Name} (7) eduroam_inner_cache: --> asdf@utk.edu rlm_cache (eduroam_inner_cache): Reserved connection (4) (7) eduroam_inner_cache: Retrieved 223 bytes from memcached (7) eduroam_inner_cache: &Cache-Expires = 1428971063 &Cache-Created = 1428956663 &control:Aruba-User-Role := 'eduroam-student' &Stripped-User-Name = 'asdf' &Realm = 'utk.edu' &reply:Reply-Message += 'Cache last updated at Mon Apr 13 16:24:23 2015' (7) eduroam_inner_cache: Found entry for "asdf@utk.edu" rlm_cache (eduroam_inner_cache): Released connection (4) (7) [eduroam_inner_cache] = ok (7) if (notfound) { (7) if (notfound) -> FALSE (7) else { (7) update control { (7) &Cache-Read-Only = yes (7) &Cache-Merge = yes (7) } # update control = noop (7) } # else = noop (7) eduroam_inner_cache: EXPAND %{User-Name} (7) eduroam_inner_cache: --> asdf@utk.edu rlm_cache (eduroam_inner_cache): Reserved connection (4) (7) eduroam_inner_cache: Retrieved 223 bytes from memcached (7) eduroam_inner_cache: &Cache-Expires = 1428971063 &Cache-Created = 1428956663 &control:Aruba-User-Role := 'eduroam-student' &Stripped-User-Name = 'asdf' &Realm = 'utk.edu' &reply:Reply-Message += 'Cache last updated at Mon Apr 13 16:24:23 2015' (7) eduroam_inner_cache: Found entry for "asdf@utk.edu" (7) eduroam_inner_cache: Merging cache entry into request (7) eduroam_inner_cache: &control:Aruba-User-Role = '' (7) eduroam_inner_cache: &request:Stripped-User-Name = '' (7) eduroam_inner_cache: &request:Realm = '' (7) eduroam_inner_cache: &reply:Reply-Message = '' rlm_cache (eduroam_inner_cache): Released connection (4) (7) [eduroam_inner_cache] = ok (7) policy debug_all { (7) policy debug_control { (7) if ("%{debug_attr:control:}" == '') { (7) Attributes matching "control:" (7) &control:Cache-Merge = yes (7) &control:Aruba-User-Role = (7) EXPAND %{debug_attr:control:} (7) --> (7) if ("%{debug_attr:control:}" == '') -> TRUE (7) if ("%{debug_attr:control:}" == '') { (7) [noop] = noop (7) } # if ("%{debug_attr:control:}" == '') = noop (7) } # policy debug_control = noop (7) policy debug_request { (7) if ("%{debug_attr:request:}" == '') { (7) Attributes matching "request:" (7) &request:User-Name = asdf@utk.edu (7) &request:NAS-IP-Address = 10.5.1.52 (7) &request:NAS-Port = 0 (7) &request:NAS-Identifier = eduroam (7) &request:NAS-Port-Type = Wireless-802.11 (7) &request:Calling-Station-Id = 606720b6d928 (7) &request:Called-Station-Id = 001a1e00cc48 (7) &request:Service-Type = Login-User (7) &request:Framed-MTU = 1100 (7) &request:EAP-Message = 0x020800061900 (7) &request:State = 0x78fd83c07ef59aaab77aabb1eee2fef2 (7) &request:Aruba-Essid-Name = frtest-eduroam (7) &request:Aruba-Location-Id = WMN-01-04 (7) &request:Aruba-AP-Group = MN - Kingston Pike Building (7) &request:Message-Authenticator = 0x1a5d0fc50c37b68fe2026350042c1dcb (7) &request:Stripped-User-Name = (7) &request:Realm = (7) EXPAND %{debug_attr:request:} (7) --> (7) if ("%{debug_attr:request:}" == '') -> TRUE (7) if ("%{debug_attr:request:}" == '') { (7) [noop] = noop (7) } # if ("%{debug_attr:request:}" == '') = noop (7) } # policy debug_request = noop (7) policy debug_reply { (7) if ("%{debug_attr:reply:}" == '') { (7) Attributes matching "reply:" (7) &reply:Reply-Message = (7) EXPAND %{debug_attr:reply:} (7) --> (7) if ("%{debug_attr:reply:}" == '') -> TRUE (7) if ("%{debug_attr:reply:}" == '') { (7) [noop] = noop (7) } # if ("%{debug_attr:reply:}" == '') = noop (7) } # policy debug_reply = noop (7) } # policy debug_all = noop (7) eduroam_eap: Peer sent code Response (2) ID 8 length 6 (7) eduroam_eap: Continuing tunnel setup (7) [eduroam_eap] = ok (7) [mschap] = noop (7) [chap] = noop (7) [pap] = noop (7) } # authorize = ok (7) Found Auth-Type = eduroam_eap (7) # Executing group from file /usr/local/etc/raddb/sites-enabled/eduroam (7) Auth-Type eduroam_eap { (7) eduroam_eap: Expiring EAP session with state 0x78fd83c07ef59aaa (7) eduroam_eap: Finished EAP session with state 0x78fd83c07ef59aaa (7) eduroam_eap: Previous EAP request found for state 0x78fd83c07ef59aaa, released from the list (7) eduroam_eap: Peer sent method PEAP (25) (7) eduroam_eap: EAP PEAP (25) (7) eduroam_eap: Calling eap_peap to process EAP data (7) eap_peap: processing EAP-TLS (7) eap_peap: Received TLS ACK (7) eap_peap: Received TLS ACK (7) eap_peap: ACK handshake is finished (7) eap_peap: eaptls_verify returned 3 (7) eap_peap: eaptls_process returned 3 (7) eap_peap: FR_TLS_SUCCESS (7) eap_peap: Session established. Decoding tunneled attributes (7) eap_peap: PEAP state TUNNEL ESTABLISHED (7) eduroam_eap: EAP session adding &reply:State = 0x78fd83c07ff49aaa (7) [eduroam_eap] = handled (7) } # Auth-Type eduroam_eap = handled (7) Using Post-Auth-Type Challenge (7) # Executing group from file /usr/local/etc/raddb/sites-enabled/eduroam (7) Sent Access-Challenge Id 225 from 160.36.188.35:1812 to 10.5.0.11:36258 length 101 (7) Reply-Message = '' (7) EAP-Message = 0x0109002b19001703010020741522035c1c3ff9253d3d7ad0606703a463f302ae0b30f07502c7a61199b778 (7) Message-Authenticator = 0x00000000000000000000000000000000 (7) State = 0x78fd83c07ff49aaab77aabb1eee2fef2 (7) Finished request Waking up in 0.2 seconds. (8) Received Access-Request Id 224 from 10.5.0.11:36258 to 160.36.188.35:1812 length 317 (8) User-Name = 'asdf@utk.edu' (8) NAS-IP-Address = 10.5.1.52 (8) NAS-Port = 0 (8) NAS-Identifier = 'eduroam' (8) NAS-Port-Type = Wireless-802.11 (8) Calling-Station-Id = '606720b6d928' (8) Called-Station-Id = '001a1e00cc48' (8) Service-Type = Login-User (8) Framed-MTU = 1100 (8) EAP-Message = 0x0209006019001703010020986a85e653e7a58a1879ef8de09dd51a0d7913967848638c70329917f06a697417030100306f8bf5f8578558e14c28d218550ea31ff73ac1fd71d9cb32440138cb94153bea544e89c242600f3363df86e6acfd52a8 (8) State = 0x78fd83c07ff49aaab77aabb1eee2fef2 (8) Aruba-Essid-Name = 'frtest-eduroam' (8) Aruba-Location-Id = 'WMN-01-04' (8) Aruba-AP-Group = 'MN - Kingston Pike Building' (8) Message-Authenticator = 0x631d2b1323bf128d96c7613403f91693 (8) session-state: No cached attributes (8) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/eduroam (8) authorize { (8) if ( NAS-Identifier != 'eduroam' ) { (8) if ( NAS-Identifier != 'eduroam' ) -> FALSE (8) update control { (8) &Cache-Status-Only = yes (8) } # update control = noop (8) eduroam_inner_cache: EXPAND %{User-Name} (8) eduroam_inner_cache: --> asdf@utk.edu rlm_cache (eduroam_inner_cache): Reserved connection (4) (8) eduroam_inner_cache: Retrieved 223 bytes from memcached (8) eduroam_inner_cache: &Cache-Expires = 1428971063 &Cache-Created = 1428956663 &control:Aruba-User-Role := 'eduroam-student' &Stripped-User-Name = 'asdf' &Realm = 'utk.edu' &reply:Reply-Message += 'Cache last updated at Mon Apr 13 16:24:23 2015' (8) eduroam_inner_cache: Found entry for "asdf@utk.edu" rlm_cache (eduroam_inner_cache): Released connection (4) (8) [eduroam_inner_cache] = ok (8) if (notfound) { (8) if (notfound) -> FALSE (8) else { (8) update control { (8) &Cache-Read-Only = yes (8) &Cache-Merge = yes (8) } # update control = noop (8) } # else = noop (8) eduroam_inner_cache: EXPAND %{User-Name} (8) eduroam_inner_cache: --> asdf@utk.edu rlm_cache (eduroam_inner_cache): Reserved connection (4) (8) eduroam_inner_cache: Retrieved 223 bytes from memcached (8) eduroam_inner_cache: &Cache-Expires = 1428971063 &Cache-Created = 1428956663 &control:Aruba-User-Role := 'eduroam-student' &Stripped-User-Name = 'asdf' &Realm = 'utk.edu' &reply:Reply-Message += 'Cache last updated at Mon Apr 13 16:24:23 2015' (8) eduroam_inner_cache: Found entry for "asdf@utk.edu" (8) eduroam_inner_cache: Merging cache entry into request (8) eduroam_inner_cache: &control:Aruba-User-Role = '' (8) eduroam_inner_cache: &request:Stripped-User-Name = '' (8) eduroam_inner_cache: &request:Realm = '' (8) eduroam_inner_cache: &reply:Reply-Message = '' rlm_cache (eduroam_inner_cache): Released connection (4) (8) [eduroam_inner_cache] = ok (8) policy debug_all { (8) policy debug_control { (8) if ("%{debug_attr:control:}" == '') { (8) Attributes matching "control:" (8) &control:Cache-Merge = yes (8) &control:Aruba-User-Role = (8) EXPAND %{debug_attr:control:} (8) --> (8) if ("%{debug_attr:control:}" == '') -> TRUE (8) if ("%{debug_attr:control:}" == '') { (8) [noop] = noop (8) } # if ("%{debug_attr:control:}" == '') = noop (8) } # policy debug_control = noop (8) policy debug_request { (8) if ("%{debug_attr:request:}" == '') { (8) Attributes matching "request:" (8) &request:User-Name = asdf@utk.edu (8) &request:NAS-IP-Address = 10.5.1.52 (8) &request:NAS-Port = 0 (8) &request:NAS-Identifier = eduroam (8) &request:NAS-Port-Type = Wireless-802.11 (8) &request:Calling-Station-Id = 606720b6d928 (8) &request:Called-Station-Id = 001a1e00cc48 (8) &request:Service-Type = Login-User (8) &request:Framed-MTU = 1100 (8) &request:EAP-Message = 0x0209006019001703010020986a85e653e7a58a1879ef8de09dd51a0d7913967848638c70329917f06a697417030100306f8bf5f8578558e14c28d218550ea31ff73ac1fd71d9cb32440138cb94153bea544e89c242600f3363df86e6acfd52a8 (8) &request:State = 0x78fd83c07ff49aaab77aabb1eee2fef2 (8) &request:Aruba-Essid-Name = frtest-eduroam (8) &request:Aruba-Location-Id = WMN-01-04 (8) &request:Aruba-AP-Group = MN - Kingston Pike Building (8) &request:Message-Authenticator = 0x631d2b1323bf128d96c7613403f91693 (8) &request:Stripped-User-Name = (8) &request:Realm = (8) EXPAND %{debug_attr:request:} (8) --> (8) if ("%{debug_attr:request:}" == '') -> TRUE (8) if ("%{debug_attr:request:}" == '') { (8) [noop] = noop (8) } # if ("%{debug_attr:request:}" == '') = noop (8) } # policy debug_request = noop (8) policy debug_reply { (8) if ("%{debug_attr:reply:}" == '') { (8) Attributes matching "reply:" (8) &reply:Reply-Message = (8) EXPAND %{debug_attr:reply:} (8) --> (8) if ("%{debug_attr:reply:}" == '') -> TRUE (8) if ("%{debug_attr:reply:}" == '') { (8) [noop] = noop (8) } # if ("%{debug_attr:reply:}" == '') = noop (8) } # policy debug_reply = noop (8) } # policy debug_all = noop (8) eduroam_eap: Peer sent code Response (2) ID 9 length 96 (8) eduroam_eap: Continuing tunnel setup (8) [eduroam_eap] = ok (8) [mschap] = noop (8) [chap] = noop (8) [pap] = noop (8) } # authorize = ok (8) Found Auth-Type = eduroam_eap (8) # Executing group from file /usr/local/etc/raddb/sites-enabled/eduroam (8) Auth-Type eduroam_eap { (8) eduroam_eap: Expiring EAP session with state 0x78fd83c07ff49aaa (8) eduroam_eap: Finished EAP session with state 0x78fd83c07ff49aaa (8) eduroam_eap: Previous EAP request found for state 0x78fd83c07ff49aaa, released from the list (8) eduroam_eap: Peer sent method PEAP (25) (8) eduroam_eap: EAP PEAP (25) (8) eduroam_eap: Calling eap_peap to process EAP data (8) eap_peap: processing EAP-TLS (8) eap_peap: eaptls_verify returned 7 (8) eap_peap: Done initial handshake (8) eap_peap: eaptls_process returned 7 (8) eap_peap: FR_TLS_OK (8) eap_peap: Session established. Decoding tunneled attributes (8) eap_peap: PEAP state WAITING FOR INNER IDENTITY (8) eap_peap: Identity - kbirkela@utk.edu (8) eap_peap: Got inner identity 'kbirkela@utk.edu' (8) eap_peap: Setting default EAP type for tunneled EAP session (8) eap_peap: Got tunneled request (8) eap_peap: EAP-Message = 0x02090015016b6269726b656c614075746b2e656475 (8) eap_peap: Setting User-Name to kbirkela@utk.edu (8) eap_peap: Sending tunneled request to eduroam (8) eap_peap: EAP-Message = 0x02090015016b6269726b656c614075746b2e656475 (8) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1 (8) eap_peap: User-Name = 'kbirkela@utk.edu' (8) eap_peap: NAS-IP-Address = 10.5.1.52 (8) eap_peap: NAS-Port = 0 (8) eap_peap: NAS-Identifier = 'eduroam' (8) eap_peap: NAS-Port-Type = Wireless-802.11 (8) eap_peap: Calling-Station-Id = '606720b6d928' (8) eap_peap: Called-Station-Id = '001a1e00cc48' (8) eap_peap: Service-Type = Login-User (8) eap_peap: Framed-MTU = 1100 (8) eap_peap: Aruba-Essid-Name = 'frtest-eduroam' (8) eap_peap: Aruba-Location-Id = 'WMN-01-04' (8) eap_peap: Aruba-AP-Group = 'MN - Kingston Pike Building' (8) Virtual server received request (8) EAP-Message = 0x02090015016b6269726b656c614075746b2e656475 (8) FreeRADIUS-Proxied-To = 127.0.0.1 (8) User-Name = 'kbirkela@utk.edu' (8) NAS-IP-Address = 10.5.1.52 (8) NAS-Port = 0 (8) NAS-Identifier = 'eduroam' (8) NAS-Port-Type = Wireless-802.11 (8) Calling-Station-Id = '606720b6d928' (8) Called-Station-Id = '001a1e00cc48' (8) Service-Type = Login-User (8) Framed-MTU = 1100 (8) Aruba-Essid-Name = 'frtest-eduroam' (8) Aruba-Location-Id = 'WMN-01-04' (8) Aruba-AP-Group = 'MN - Kingston Pike Building' (8) server eduroam { (8) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/eduroam (8) authorize { (8) if ( NAS-Identifier != 'eduroam' ) { (8) if ( NAS-Identifier != 'eduroam' ) -> FALSE (8) update control { (8) &Cache-Status-Only = yes (8) } # update control = noop (8) eduroam_inner_cache: EXPAND %{User-Name} (8) eduroam_inner_cache: --> kbirkela@utk.edu rlm_cache (eduroam_inner_cache): Reserved connection (4) (8) eduroam_inner_cache: No cache entry found for "kbirkela@utk.edu" rlm_cache (eduroam_inner_cache): Released connection (4) (8) [eduroam_inner_cache] = notfound (8) if (notfound) { (8) if (notfound) -> TRUE (8) if (notfound) { (8) policy filter_username { (8) if (!&User-Name) { (8) if (!&User-Name) -> FALSE (8) if (&User-Name =~ / /) { (8) if (&User-Name =~ / /) -> FALSE (8) if (&User-Name =~ /@.*@/ ) { (8) if (&User-Name =~ /@.*@/ ) -> FALSE (8) if (&User-Name =~ /\.\./ ) { (8) if (&User-Name =~ /\.\./ ) -> FALSE (8) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (8) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (8) if (&User-Name =~ /\.$/) { (8) if (&User-Name =~ /\.$/) -> FALSE (8) if (&User-Name =~ /@\./) { (8) if (&User-Name =~ /@\./) -> FALSE (8) } # policy filter_username = noop (8) [preprocess] = ok (8) suffix: Checking for suffix after "@" (8) suffix: Looking up realm "utk.edu" for User-Name = "kbirkela@utk.edu" (8) suffix: Found realm "utk.edu" (8) suffix: Adding Stripped-User-Name = "kbirkela" (8) suffix: Adding Realm = "utk.edu" (8) suffix: Authentication realm is LOCAL (8) [suffix] = ok rlm_ldap (utk_ad): Reserved connection (4) (8) utk_ad: EXPAND (cn=%{%{Stripped-User-Name}:-%{User-Name}}) (8) utk_ad: --> (cn=kbirkela) (8) utk_ad: Performing search in "dc=tennessee,dc=edu" with filter "(cn=kbirkela)", scope "sub" (8) utk_ad: Waiting for search result... (8) utk_ad: User object found at DN "CN=kbirkela,OU=OIT Comm Grp Service Center,OU=Office of Info Tech-General,OU=VC-Finance & Admin,OU=Office of the Chancellor,OU=University of Tennessee,OU=President's Office,OU=UT Board of Trustees,OU=The University of Tennessee,DC=utk,DC=tennessee,DC=edu" (8) utk_ad: Processing user attributes (8) utk_ad: control:AD-Group += 'CN=UTK.OIT.NS.Accounts,OU=Network Services,OU=OIT,OU=Departments,OU=Knoxville,DC=utk,DC=tennessee,DC=edu' (8) utk_ad: control:AD-Group += 'CN=OIT.NS.Sysadmins,OU=OIT Comm Grp Service Center,OU=Office of Info Tech-General,OU=VC-Finance & Admin,OU=Office of the Chancellor,OU=University of Tennessee,OU=President\'s Office,OU=UT Board of Trustees,OU=The University of Tennessee,DC=utk,DC=tennessee,DC=edu' (8) utk_ad: control:AD-Group += 'CN=UTK.EECS.Dreamspark.Students,OU=EECS,OU=Departments,OU=Knoxville,DC=utk,DC=tennessee,DC=edu' (8) utk_ad: control:AD-Group += 'CN=UTK.UTApps.Licgroup3,OU=Licensing,OU=Groups,OU=UTApps,OU=Knoxville,DC=utk,DC=tennessee,DC=edu' (8) utk_ad: control:AD-Group += 'CN=UTK.UTApps.Licgroup2,OU=Licensing,OU=Groups,OU=UTApps,OU=Knoxville,DC=utk,DC=tennessee,DC=edu' (8) utk_ad: control:AD-Group += 'CN=UTKOIT,OU=Groups,OU=Knoxville,DC=utk,DC=tennessee,DC=edu' (8) utk_ad: control:AD-Group += 'CN=Student_UTK,OU=Groups,OU=The University of Tennessee,DC=tennessee,DC=edu' (8) utk_ad: control:AD-Group += 'CN=Staff_UTK,OU=Groups,OU=The University of Tennessee,DC=tennessee,DC=edu' (8) utk_ad: control:AD-Group += 'CN=OIT_WAN,OU=Office of Info Tech-General,OU=VC-Finance & Admin,OU=Office of the Chancellor,OU=University of Tennessee,OU=President\'s Office,OU=UT Board of Trustees,OU=The University of Tennessee,DC=utk,DC=tennessee,DC=edu' (8) utk_ad: control:AD-Group += 'CN=UTK.EECS.AllUsers,OU=Labs,OU=EECS,OU=Departments,OU=Knoxville,DC=utk,DC=tennessee,DC=edu' (8) utk_ad: control:AD-Group += 'CN=OIT_All_Employees,OU=VC-Information Technology,OU=Office of the Chancellor,OU=University of Tennessee,OU=President\'s Office,OU=UT Board of Trustees,OU=The University of Tennessee,DC=utk,DC=tennessee,DC=edu' (8) utk_ad: control:AD-Group += 'CN=Network Services Users,OU=Network,OU=UTSA Information Technology Services,OU=Exec Vice President\'s Ofc,OU=University-Wide Administration,OU=President\'s Office,OU=UT Board of Trustees,OU=The University of Tennessee,DC=utk,DC=tennessee,DC=edu' rlm_ldap (utk_ad): Released connection (4) (8) [utk_ad] = updated (8) classify_user: $RAD_REQUEST{'User-Name'} = &request:User-Name -> 'kbirkela@utk.edu' (8) classify_user: $RAD_REQUEST{'NAS-IP-Address'} = &request:NAS-IP-Address -> '10.5.1.52' (8) classify_user: $RAD_REQUEST{'NAS-Port'} = &request:NAS-Port -> '0' (8) classify_user: $RAD_REQUEST{'Service-Type'} = &request:Service-Type -> 'Login-User' (8) classify_user: $RAD_REQUEST{'Framed-MTU'} = &request:Framed-MTU -> '1100' (8) classify_user: $RAD_REQUEST{'Called-Station-Id'} = &request:Called-Station-Id -> '001a1e00cc48' (8) classify_user: $RAD_REQUEST{'Calling-Station-Id'} = &request:Calling-Station-Id -> '606720b6d928' (8) classify_user: $RAD_REQUEST{'NAS-Identifier'} = &request:NAS-Identifier -> 'eduroam' (8) classify_user: $RAD_REQUEST{'NAS-Port-Type'} = &request:NAS-Port-Type -> 'Wireless-802.11' (8) classify_user: $RAD_REQUEST{'Event-Timestamp'} = &request:Event-Timestamp -> 'Apr 13 2015 16:24:24 EDT' (8) classify_user: $RAD_REQUEST{'EAP-Message'} = &request:EAP-Message -> '0x02090015016b6269726b656c614075746b2e656475' (8) classify_user: $RAD_REQUEST{'Aruba-Essid-Name'} = &request:Aruba-Essid-Name -> 'frtest-eduroam' (8) classify_user: $RAD_REQUEST{'Aruba-Location-Id'} = &request:Aruba-Location-Id -> 'WMN-01-04' (8) classify_user: $RAD_REQUEST{'Aruba-AP-Group'} = &request:Aruba-AP-Group -> 'MN - Kingston Pike Building' (8) classify_user: $RAD_REQUEST{'FreeRADIUS-Proxied-To'} = &request:FreeRADIUS-Proxied-To -> '127.0.0.1' (8) classify_user: $RAD_REQUEST{'Stripped-User-Name'} = &request:Stripped-User-Name -> 'kbirkela' (8) classify_user: $RAD_REQUEST{'Realm'} = &request:Realm -> 'utk.edu' (8) classify_user: $RAD_CHECK{'EAP-Type'} = &control:EAP-Type -> 'MSCHAPv2' (8) classify_user: $RAD_CHECK{'Ldap-UserDn'} = &control:Ldap-UserDn -> 'CN=kbirkela,OU=OIT Comm Grp Service Center,OU=Office of Info Tech-General,OU=VC-Finance & Admin,OU=Office of the Chancellor,OU=University of Tennessee,OU=President's Office,OU=UT Board of Trustees,OU=The University of Tennessee,DC=utk,DC=tennessee,DC=edu' (8) classify_user: $RAD_CHECK{'AD-Group'}[0] = &control:AD-Group -> 'CN=UTK.OIT.NS.Accounts,OU=Network Services,OU=OIT,OU=Departments,OU=Knoxville,DC=utk,DC=tennessee,DC=edu' (8) classify_user: $RAD_CHECK{'AD-Group'}[1] = &control:AD-Group -> 'CN=OIT.NS.Sysadmins,OU=OIT Comm Grp Service Center,OU=Office of Info Tech-General,OU=VC-Finance & Admin,OU=Office of the Chancellor,OU=University of Tennessee,OU=President's Office,OU=UT Board of Trustees,OU=The University of Tennessee,DC=utk,DC=tennessee,DC=edu' (8) classify_user: $RAD_CHECK{'AD-Group'}[2] = &control:AD-Group -> 'CN=UTK.EECS.Dreamspark.Students,OU=EECS,OU=Departments,OU=Knoxville,DC=utk,DC=tennessee,DC=edu' (8) classify_user: $RAD_CHECK{'AD-Group'}[3] = &control:AD-Group -> 'CN=UTK.UTApps.Licgroup3,OU=Licensing,OU=Groups,OU=UTApps,OU=Knoxville,DC=utk,DC=tennessee,DC=edu' (8) classify_user: $RAD_CHECK{'AD-Group'}[4] = &control:AD-Group -> 'CN=UTK.UTApps.Licgroup2,OU=Licensing,OU=Groups,OU=UTApps,OU=Knoxville,DC=utk,DC=tennessee,DC=edu' (8) classify_user: $RAD_CHECK{'AD-Group'}[5] = &control:AD-Group -> 'CN=UTKOIT,OU=Groups,OU=Knoxville,DC=utk,DC=tennessee,DC=edu' (8) classify_user: $RAD_CHECK{'AD-Group'}[6] = &control:AD-Group -> 'CN=Student_UTK,OU=Groups,OU=The University of Tennessee,DC=tennessee,DC=edu' (8) classify_user: $RAD_CHECK{'AD-Group'}[7] = &control:AD-Group -> 'CN=Staff_UTK,OU=Groups,OU=The University of Tennessee,DC=tennessee,DC=edu' (8) classify_user: $RAD_CHECK{'AD-Group'}[8] = &control:AD-Group -> 'CN=OIT_WAN,OU=Office of Info Tech-General,OU=VC-Finance & Admin,OU=Office of the Chancellor,OU=University of Tennessee,OU=President's Office,OU=UT Board of Trustees,OU=The University of Tennessee,DC=utk,DC=tennessee,DC=edu' (8) classify_user: $RAD_CHECK{'AD-Group'}[9] = &control:AD-Group -> 'CN=UTK.EECS.AllUsers,OU=Labs,OU=EECS,OU=Departments,OU=Knoxville,DC=utk,DC=tennessee,DC=edu' (8) classify_user: $RAD_CHECK{'AD-Group'}[10] = &control:AD-Group -> 'CN=OIT_All_Employees,OU=VC-Information Technology,OU=Office of the Chancellor,OU=University of Tennessee,OU=President's Office,OU=UT Board of Trustees,OU=The University of Tennessee,DC=utk,DC=tennessee,DC=edu' (8) classify_user: $RAD_CHECK{'AD-Group'}[11] = &control:AD-Group -> 'CN=Network Services Users,OU=Network,OU=UTSA Information Technology Services,OU=Exec Vice President's Ofc,OU=University-Wide Administration,OU=President's Office,OU=UT Board of Trustees,OU=The University of Tennessee,DC=utk,DC=tennessee,DC=edu' (8) classify_user: $RAD_CONFIG{'EAP-Type'} = &control:EAP-Type -> 'MSCHAPv2' (8) classify_user: $RAD_CONFIG{'Ldap-UserDn'} = &control:Ldap-UserDn -> 'CN=kbirkela,OU=OIT Comm Grp Service Center,OU=Office of Info Tech-General,OU=VC-Finance & Admin,OU=Office of the Chancellor,OU=University of Tennessee,OU=President's Office,OU=UT Board of Trustees,OU=The University of Tennessee,DC=utk,DC=tennessee,DC=edu' (8) classify_user: $RAD_CONFIG{'AD-Group'}[0] = &control:AD-Group -> 'CN=UTK.OIT.NS.Accounts,OU=Network Services,OU=OIT,OU=Departments,OU=Knoxville,DC=utk,DC=tennessee,DC=edu' (8) classify_user: $RAD_CONFIG{'AD-Group'}[1] = &control:AD-Group -> 'CN=OIT.NS.Sysadmins,OU=OIT Comm Grp Service Center,OU=Office of Info Tech-General,OU=VC-Finance & Admin,OU=Office of the Chancellor,OU=University of Tennessee,OU=President's Office,OU=UT Board of Trustees,OU=The University of Tennessee,DC=utk,DC=tennessee,DC=edu' (8) classify_user: $RAD_CONFIG{'AD-Group'}[2] = &control:AD-Group -> 'CN=UTK.EECS.Dreamspark.Students,OU=EECS,OU=Departments,OU=Knoxville,DC=utk,DC=tennessee,DC=edu' (8) classify_user: $RAD_CONFIG{'AD-Group'}[3] = &control:AD-Group -> 'CN=UTK.UTApps.Licgroup3,OU=Licensing,OU=Groups,OU=UTApps,OU=Knoxville,DC=utk,DC=tennessee,DC=edu' (8) classify_user: $RAD_CONFIG{'AD-Group'}[4] = &control:AD-Group -> 'CN=UTK.UTApps.Licgroup2,OU=Licensing,OU=Groups,OU=UTApps,OU=Knoxville,DC=utk,DC=tennessee,DC=edu' (8) classify_user: $RAD_CONFIG{'AD-Group'}[5] = &control:AD-Group -> 'CN=UTKOIT,OU=Groups,OU=Knoxville,DC=utk,DC=tennessee,DC=edu' (8) classify_user: $RAD_CONFIG{'AD-Group'}[6] = &control:AD-Group -> 'CN=Student_UTK,OU=Groups,OU=The University of Tennessee,DC=tennessee,DC=edu' (8) classify_user: $RAD_CONFIG{'AD-Group'}[7] = &control:AD-Group -> 'CN=Staff_UTK,OU=Groups,OU=The University of Tennessee,DC=tennessee,DC=edu' (8) classify_user: $RAD_CONFIG{'AD-Group'}[8] = &control:AD-Group -> 'CN=OIT_WAN,OU=Office of Info Tech-General,OU=VC-Finance & Admin,OU=Office of the Chancellor,OU=University of Tennessee,OU=President's Office,OU=UT Board of Trustees,OU=The University of Tennessee,DC=utk,DC=tennessee,DC=edu' (8) classify_user: $RAD_CONFIG{'AD-Group'}[9] = &control:AD-Group -> 'CN=UTK.EECS.AllUsers,OU=Labs,OU=EECS,OU=Departments,OU=Knoxville,DC=utk,DC=tennessee,DC=edu' (8) classify_user: $RAD_CONFIG{'AD-Group'}[10] = &control:AD-Group -> 'CN=OIT_All_Employees,OU=VC-Information Technology,OU=Office of the Chancellor,OU=University of Tennessee,OU=President's Office,OU=UT Board of Trustees,OU=The University of Tennessee,DC=utk,DC=tennessee,DC=edu' (8) classify_user: $RAD_CONFIG{'AD-Group'}[11] = &control:AD-Group -> 'CN=Network Services Users,OU=Network,OU=UTSA Information Technology Services,OU=Exec Vice President's Ofc,OU=University-Wide Administration,OU=President's Office,OU=UT Board of Trustees,OU=The University of Tennessee,DC=utk,DC=tennessee,DC=edu' (8) classify_user: &request:NAS-Port-Type = $RAD_REQUEST{'NAS-Port-Type'} -> 'Wireless-802.11' (8) classify_user: &request:Service-Type = $RAD_REQUEST{'Service-Type'} -> 'Login-User' (8) classify_user: &request:Called-Station-Id = $RAD_REQUEST{'Called-Station-Id'} -> '001a1e00cc48' (8) classify_user: &request:FreeRADIUS-Proxied-To = $RAD_REQUEST{'FreeRADIUS-Proxied-To'} -> '127.0.0.1' (8) classify_user: &request:Realm = $RAD_REQUEST{'Realm'} -> 'utk.edu' (8) classify_user: &request:NAS-IP-Address = $RAD_REQUEST{'NAS-IP-Address'} -> '10.5.1.52' (8) classify_user: &request:Calling-Station-Id = $RAD_REQUEST{'Calling-Station-Id'} -> '606720b6d928' (8) classify_user: &request:Aruba-Essid-Name = $RAD_REQUEST{'Aruba-Essid-Name'} -> 'frtest-eduroam' (8) classify_user: &request:Aruba-AP-Group = $RAD_REQUEST{'Aruba-AP-Group'} -> 'MN - Kingston Pike Building' (8) classify_user: &request:User-Name = $RAD_REQUEST{'User-Name'} -> 'kbirkela@utk.edu' (8) classify_user: &request:Aruba-Location-Id = $RAD_REQUEST{'Aruba-Location-Id'} -> 'WMN-01-04' (8) classify_user: &request:NAS-Identifier = $RAD_REQUEST{'NAS-Identifier'} -> 'eduroam' (8) classify_user: &request:Event-Timestamp = $RAD_REQUEST{'Event-Timestamp'} -> 'Apr 13 2015 16:24:24 EDT' (8) classify_user: &request:EAP-Message = $RAD_REQUEST{'EAP-Message'} -> '0x02090015016b6269726b656c614075746b2e656475' (8) classify_user: &request:NAS-Port = $RAD_REQUEST{'NAS-Port'} -> '0' (8) classify_user: &request:Stripped-User-Name = $RAD_REQUEST{'Stripped-User-Name'} -> 'kbirkela' (8) classify_user: &request:Framed-MTU = $RAD_REQUEST{'Framed-MTU'} -> '1100' (8) classify_user: &control:Aruba-User-Role = $RAD_CHECK{'Aruba-User-Role'} -> 'eduroam-ns' (8) classify_user: &control:AD-Group += $RAD_CHECK{'AD-Group'} -> 'CN=UTK.OIT.NS.Accounts,OU=Network Services,OU=OIT,OU=Departments,OU=Knoxville,DC=utk,DC=tennessee,DC=edu' (8) classify_user: &control:AD-Group += $RAD_CHECK{'AD-Group'} -> 'CN=OIT.NS.Sysadmins,OU=OIT Comm Grp Service Center,OU=Office of Info Tech-General,OU=VC-Finance & Admin,OU=Office of the Chancellor,OU=University of Tennessee,OU=President's Office,OU=UT Board of Trustees,OU=The University of Tennessee,DC=utk,DC=tennessee,DC=edu' (8) classify_user: &control:AD-Group += $RAD_CHECK{'AD-Group'} -> 'CN=UTK.EECS.Dreamspark.Students,OU=EECS,OU=Departments,OU=Knoxville,DC=utk,DC=tennessee,DC=edu' (8) classify_user: &control:AD-Group += $RAD_CHECK{'AD-Group'} -> 'CN=UTK.UTApps.Licgroup3,OU=Licensing,OU=Groups,OU=UTApps,OU=Knoxville,DC=utk,DC=tennessee,DC=edu' (8) classify_user: &control:AD-Group += $RAD_CHECK{'AD-Group'} -> 'CN=UTK.UTApps.Licgroup2,OU=Licensing,OU=Groups,OU=UTApps,OU=Knoxville,DC=utk,DC=tennessee,DC=edu' (8) classify_user: &control:AD-Group += $RAD_CHECK{'AD-Group'} -> 'CN=UTKOIT,OU=Groups,OU=Knoxville,DC=utk,DC=tennessee,DC=edu' (8) classify_user: &control:AD-Group += $RAD_CHECK{'AD-Group'} -> 'CN=Student_UTK,OU=Groups,OU=The University of Tennessee,DC=tennessee,DC=edu' (8) classify_user: &control:AD-Group += $RAD_CHECK{'AD-Group'} -> 'CN=Staff_UTK,OU=Groups,OU=The University of Tennessee,DC=tennessee,DC=edu' (8) classify_user: &control:AD-Group += $RAD_CHECK{'AD-Group'} -> 'CN=OIT_WAN,OU=Office of Info Tech-General,OU=VC-Finance & Admin,OU=Office of the Chancellor,OU=University of Tennessee,OU=President's Office,OU=UT Board of Trustees,OU=The University of Tennessee,DC=utk,DC=tennessee,DC=edu' (8) classify_user: &control:AD-Group += $RAD_CHECK{'AD-Group'} -> 'CN=UTK.EECS.AllUsers,OU=Labs,OU=EECS,OU=Departments,OU=Knoxville,DC=utk,DC=tennessee,DC=edu' (8) classify_user: &control:AD-Group += $RAD_CHECK{'AD-Group'} -> 'CN=OIT_All_Employees,OU=VC-Information Technology,OU=Office of the Chancellor,OU=University of Tennessee,OU=President's Office,OU=UT Board of Trustees,OU=The University of Tennessee,DC=utk,DC=tennessee,DC=edu' (8) classify_user: &control:AD-Group += $RAD_CHECK{'AD-Group'} -> 'CN=Network Services Users,OU=Network,OU=UTSA Information Technology Services,OU=Exec Vice President's Ofc,OU=University-Wide Administration,OU=President's Office,OU=UT Board of Trustees,OU=The University of Tennessee,DC=utk,DC=tennessee,DC=edu' (8) classify_user: &control:Ldap-UserDn = $RAD_CHECK{'Ldap-UserDn'} -> 'CN=kbirkela,OU=OIT Comm Grp Service Center,OU=Office of Info Tech-General,OU=VC-Finance & Admin,OU=Office of the Chancellor,OU=University of Tennessee,OU=President's Office,OU=UT Board of Trustees,OU=The University of Tennessee,DC=utk,DC=tennessee,DC=edu' (8) classify_user: &control:EAP-Type = $RAD_CHECK{'EAP-Type'} -> 'MSCHAPv2' (8) [classify_user] = ok (8) if ( Realm == 'NULL' ) { (8) if ( Realm == 'NULL' ) -> FALSE (8) } # if (notfound) = updated (8) ... skipping else for request 8: Preceding "if" was taken (8) eduroam_inner_cache: EXPAND %{User-Name} (8) eduroam_inner_cache: --> kbirkela@utk.edu rlm_cache (eduroam_inner_cache): Reserved connection (4) (8) eduroam_inner_cache: No cache entry found for "kbirkela@utk.edu" (8) eduroam_inner_cache: Creating new cache entry (8) eduroam_inner_cache: request:Stripped-User-Name = &Stripped-User-Name -> 'kbirkela' (8) eduroam_inner_cache: request:Realm = &Realm -> 'utk.edu' (8) eduroam_inner_cache: control:Aruba-User-Role := &Aruba-User-Role -> 'eduroam-ns' (8) eduroam_inner_cache: EXPAND Cache last updated at %t (8) eduroam_inner_cache: --> Cache last updated at Mon Apr 13 16:24:24 2015 (8) eduroam_inner_cache: reply:Reply-Message += "Cache last updated at Mon Apr 13 16:24:24 2015" (8) eduroam_inner_cache: Merging cache entry into request (8) eduroam_inner_cache: &control:Aruba-User-Role := 'eduroam-ns' (8) eduroam_inner_cache: &request:Stripped-User-Name = 'kbirkela' (8) eduroam_inner_cache: &request:Realm = 'utk.edu' (8) eduroam_inner_cache: &reply:Reply-Message += 'Cache last updated at Mon Apr 13 16:24:24 2015' (8) eduroam_inner_cache: Commited entry, TTL 14400 seconds rlm_cache (eduroam_inner_cache): Released connection (4) (8) [eduroam_inner_cache] = updated (8) policy debug_all { (8) policy debug_control { (8) if ("%{debug_attr:control:}" == '') { (8) Attributes matching "control:" (8) &control:Aruba-User-Role = eduroam-ns (8) &control:AD-Group = CN=UTK.OIT.NS.Accounts,OU=Network Services,OU=OIT,OU=Departments,OU=Knoxville,DC=utk,DC=tennessee,DC=edu (8) &control:AD-Group = CN=OIT.NS.Sysadmins,OU=OIT Comm Grp Service Center,OU=Office of Info Tech-General,OU=VC-Finance & Admin,OU=Office of the Chancellor,OU=University of Tennessee,OU=President\'s Office,OU=UT Board of Trustees,OU=The University of Tennessee,DC=utk,DC=tennessee,DC=edu (8) &control:AD-Group = CN=UTK.EECS.Dreamspark.Students,OU=EECS,OU=Departments,OU=Knoxville,DC=utk,DC=tennessee,DC=edu (8) &control:AD-Group = CN=UTK.UTApps.Licgroup3,OU=Licensing,OU=Groups,OU=UTApps,OU=Knoxville,DC=utk,DC=tennessee,DC=edu (8) &control:AD-Group = CN=UTK.UTApps.Licgroup2,OU=Licensing,OU=Groups,OU=UTApps,OU=Knoxville,DC=utk,DC=tennessee,DC=edu (8) &control:AD-Group = CN=UTKOIT,OU=Groups,OU=Knoxville,DC=utk,DC=tennessee,DC=edu (8) &control:AD-Group = CN=Student_UTK,OU=Groups,OU=The University of Tennessee,DC=tennessee,DC=edu (8) &control:AD-Group = CN=Staff_UTK,OU=Groups,OU=The University of Tennessee,DC=tennessee,DC=edu (8) &control:AD-Group = CN=OIT_WAN,OU=Office of Info Tech-General,OU=VC-Finance & Admin,OU=Office of the Chancellor,OU=University of Tennessee,OU=President\'s Office,OU=UT Board of Trustees,OU=The University of Tennessee,DC=utk,DC=tennessee,DC=edu (8) &control:AD-Group = CN=UTK.EECS.AllUsers,OU=Labs,OU=EECS,OU=Departments,OU=Knoxville,DC=utk,DC=tennessee,DC=edu (8) &control:AD-Group = CN=OIT_All_Employees,OU=VC-Information Technology,OU=Office of the Chancellor,OU=University of Tennessee,OU=President\'s Office,OU=UT Board of Trustees,OU=The University of Tennessee,DC=utk,DC=tennessee,DC=edu (8) &control:AD-Group = CN=Network Services Users,OU=Network,OU=UTSA Information Technology Services,OU=Exec Vice President\'s Ofc,OU=University-Wide Administration,OU=President\'s Office,OU=UT Board of Trustees,OU=The University of Tennessee,DC=utk,DC=tennessee,DC=edu (8) &control:Ldap-UserDn = CN=kbirkela,OU=OIT Comm Grp Service Center,OU=Office of Info Tech-General,OU=VC-Finance & Admin,OU=Office of the Chancellor,OU=University of Tennessee,OU=President\'s Office,OU=UT Board of Trustees,OU=The University of Tennessee,DC=utk,DC=tennessee,DC=edu (8) &control:EAP-Type = MSCHAPv2 (8) EXPAND %{debug_attr:control:} (8) --> (8) if ("%{debug_attr:control:}" == '') -> TRUE (8) if ("%{debug_attr:control:}" == '') { (8) [noop] = noop (8) } # if ("%{debug_attr:control:}" == '') = noop (8) } # policy debug_control = noop (8) policy debug_request { (8) if ("%{debug_attr:request:}" == '') { (8) Attributes matching "request:" (8) &request:NAS-Port-Type = Wireless-802.11 (8) &request:Service-Type = Login-User (8) &request:Called-Station-Id = 001a1e00cc48 (8) &request:FreeRADIUS-Proxied-To = 127.0.0.1 (8) &request:Realm = utk.edu (8) &request:NAS-IP-Address = 10.5.1.52 (8) &request:Calling-Station-Id = 606720b6d928 (8) &request:Aruba-Essid-Name = frtest-eduroam (8) &request:Aruba-AP-Group = MN - Kingston Pike Building (8) &request:User-Name = kbirkela@utk.edu (8) &request:Aruba-Location-Id = WMN-01-04 (8) &request:NAS-Identifier = eduroam (8) &request:Event-Timestamp = Apr 13 2015 16:24:24 EDT (8) &request:EAP-Message = 0x02090015016b6269726b656c614075746b2e656475 (8) &request:NAS-Port = 0 (8) &request:Stripped-User-Name = kbirkela (8) &request:Framed-MTU = 1100 (8) EXPAND %{debug_attr:request:} (8) --> (8) if ("%{debug_attr:request:}" == '') -> TRUE (8) if ("%{debug_attr:request:}" == '') { (8) [noop] = noop (8) } # if ("%{debug_attr:request:}" == '') = noop (8) } # policy debug_request = noop (8) policy debug_reply { (8) if ("%{debug_attr:reply:}" == '') { (8) Attributes matching "reply:" (8) &reply:Reply-Message = Cache last updated at Mon Apr 13 16:24:24 2015 (8) EXPAND %{debug_attr:reply:} (8) --> (8) if ("%{debug_attr:reply:}" == '') -> TRUE (8) if ("%{debug_attr:reply:}" == '') { (8) [noop] = noop (8) } # if ("%{debug_attr:reply:}" == '') = noop (8) } # policy debug_reply = noop (8) } # policy debug_all = noop (8) eduroam_eap: Peer sent code Response (2) ID 9 length 21 (8) eduroam_eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (8) [eduroam_eap] = ok (8) [mschap] = noop (8) [chap] = noop (8) pap: WARNING: No "known good" password found for the user. Not setting Auth-Type (8) pap: WARNING: Authentication will fail unless a "known good" password is available (8) [pap] = noop (8) } # authorize = updated (8) Found Auth-Type = eduroam_eap (8) # Executing group from file /usr/local/etc/raddb/sites-enabled/eduroam (8) Auth-Type eduroam_eap { (8) eduroam_eap: Peer sent method Identity (1) (8) eduroam_eap: Calling eap_mschapv2 to process EAP data (8) eap_mschapv2: Issuing Challenge (8) eduroam_eap: EAP session adding &reply:State = 0xfc7f4e92fc75541c (8) [eduroam_eap] = handled (8) } # Auth-Type eduroam_eap = handled (8) } # server eduroam (8) Virtual server sending reply (8) Reply-Message = 'Cache last updated at Mon Apr 13 16:24:24 2015' (8) EAP-Message = 0x010a002a1a010a0025106ed38f6f9ea97f2b28ead9d590f280e26b6269726b656c614075746b2e656475 (8) Message-Authenticator = 0x00000000000000000000000000000000 (8) State = 0xfc7f4e92fc75541c029a41452a9ec0ee (8) eap_peap: Got tunneled reply code 11 (8) eap_peap: Reply-Message = 'Cache last updated at Mon Apr 13 16:24:24 2015' (8) eap_peap: EAP-Message = 0x010a002a1a010a0025106ed38f6f9ea97f2b28ead9d590f280e26b6269726b656c614075746b2e656475 (8) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (8) eap_peap: State = 0xfc7f4e92fc75541c029a41452a9ec0ee (8) eap_peap: Got tunneled reply RADIUS code 11 (8) eap_peap: Reply-Message = 'Cache last updated at Mon Apr 13 16:24:24 2015' (8) eap_peap: EAP-Message = 0x010a002a1a010a0025106ed38f6f9ea97f2b28ead9d590f280e26b6269726b656c614075746b2e656475 (8) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (8) eap_peap: State = 0xfc7f4e92fc75541c029a41452a9ec0ee (8) eap_peap: Got tunneled Access-Challenge (8) eduroam_eap: EAP session adding &reply:State = 0x78fd83c070f79aaa (8) [eduroam_eap] = handled (8) } # Auth-Type eduroam_eap = handled (8) Using Post-Auth-Type Challenge (8) # Executing group from file /usr/local/etc/raddb/sites-enabled/eduroam (8) Sent Access-Challenge Id 224 from 160.36.188.35:1812 to 10.5.0.11:36258 length 133 (8) Reply-Message = '' (8) EAP-Message = 0x010a004b19001703010040b28c9979039bb7f472779d3c8b613ba6ba7f51e247e1ac98e6bcb3842c532fafd11c4a5dbfa92a5c230e6010db6a9750486412f28cdb1af3a9d4bf9664b0fac2 (8) Message-Authenticator = 0x00000000000000000000000000000000 (8) State = 0x78fd83c070f79aaab77aabb1eee2fef2 (8) Finished request Waking up in 0.2 seconds. (9) Received Access-Request Id 228 from 10.5.0.11:36258 to 160.36.188.35:1812 length 365 (9) User-Name = 'asdf@utk.edu' (9) NAS-IP-Address = 10.5.1.52 (9) NAS-Port = 0 (9) NAS-Identifier = 'eduroam' (9) NAS-Port-Type = Wireless-802.11 (9) Calling-Station-Id = '606720b6d928' (9) Called-Station-Id = '001a1e00cc48' (9) Service-Type = Login-User (9) Framed-MTU = 1100 (9) EAP-Message = 0x020a009019001703010020424b276c7efd887f48104a5e9accc5579179781ae2b09c3d1d4fdfea230a6a501703010060edf573ec6582ea85be84a6b9fb3960831a4c0607c86a9570d214e37ae6d82f040bbdd67fcd251e25153588e1a5234dce8f28c9b4c5ba315b1c788745341ccd8444bc6d948042e3 (9) State = 0x78fd83c070f79aaab77aabb1eee2fef2 (9) Aruba-Essid-Name = 'frtest-eduroam' (9) Aruba-Location-Id = 'WMN-01-04' (9) Aruba-AP-Group = 'MN - Kingston Pike Building' (9) Message-Authenticator = 0x3fd43e646d259014bce34acf2f984783 (9) session-state: No cached attributes (9) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/eduroam (9) authorize { (9) if ( NAS-Identifier != 'eduroam' ) { (9) if ( NAS-Identifier != 'eduroam' ) -> FALSE (9) update control { (9) &Cache-Status-Only = yes (9) } # update control = noop (9) eduroam_inner_cache: EXPAND %{User-Name} (9) eduroam_inner_cache: --> asdf@utk.edu rlm_cache (eduroam_inner_cache): Reserved connection (4) (9) eduroam_inner_cache: Retrieved 223 bytes from memcached (9) eduroam_inner_cache: &Cache-Expires = 1428971063 &Cache-Created = 1428956663 &control:Aruba-User-Role := 'eduroam-student' &Stripped-User-Name = 'asdf' &Realm = 'utk.edu' &reply:Reply-Message += 'Cache last updated at Mon Apr 13 16:24:23 2015' (9) eduroam_inner_cache: Found entry for "asdf@utk.edu" rlm_cache (eduroam_inner_cache): Released connection (4) (9) [eduroam_inner_cache] = ok (9) if (notfound) { (9) if (notfound) -> FALSE (9) else { (9) update control { (9) &Cache-Read-Only = yes (9) &Cache-Merge = yes (9) } # update control = noop (9) } # else = noop (9) eduroam_inner_cache: EXPAND %{User-Name} (9) eduroam_inner_cache: --> asdf@utk.edu rlm_cache (eduroam_inner_cache): Reserved connection (4) (9) eduroam_inner_cache: Retrieved 223 bytes from memcached (9) eduroam_inner_cache: &Cache-Expires = 1428971063 &Cache-Created = 1428956663 &control:Aruba-User-Role := 'eduroam-student' &Stripped-User-Name = 'asdf' &Realm = 'utk.edu' &reply:Reply-Message += 'Cache last updated at Mon Apr 13 16:24:23 2015' (9) eduroam_inner_cache: Found entry for "asdf@utk.edu" (9) eduroam_inner_cache: Merging cache entry into request (9) eduroam_inner_cache: &control:Aruba-User-Role = '' (9) eduroam_inner_cache: &request:Stripped-User-Name = '' (9) eduroam_inner_cache: &request:Realm = '' (9) eduroam_inner_cache: &reply:Reply-Message = '' rlm_cache (eduroam_inner_cache): Released connection (4) (9) [eduroam_inner_cache] = ok (9) policy debug_all { (9) policy debug_control { (9) if ("%{debug_attr:control:}" == '') { (9) Attributes matching "control:" (9) &control:Cache-Merge = yes (9) &control:Aruba-User-Role = (9) EXPAND %{debug_attr:control:} (9) --> (9) if ("%{debug_attr:control:}" == '') -> TRUE (9) if ("%{debug_attr:control:}" == '') { (9) [noop] = noop (9) } # if ("%{debug_attr:control:}" == '') = noop (9) } # policy debug_control = noop (9) policy debug_request { (9) if ("%{debug_attr:request:}" == '') { (9) Attributes matching "request:" (9) &request:User-Name = asdf@utk.edu (9) &request:NAS-IP-Address = 10.5.1.52 (9) &request:NAS-Port = 0 (9) &request:NAS-Identifier = eduroam (9) &request:NAS-Port-Type = Wireless-802.11 (9) &request:Calling-Station-Id = 606720b6d928 (9) &request:Called-Station-Id = 001a1e00cc48 (9) &request:Service-Type = Login-User (9) &request:Framed-MTU = 1100 (9) &request:EAP-Message = 0x020a009019001703010020424b276c7efd887f48104a5e9accc5579179781ae2b09c3d1d4fdfea230a6a501703010060edf573ec6582ea85be84a6b9fb3960831a4c0607c86a9570d214e37ae6d82f040bbdd67fcd251e25153588e1a5234dce8f28c9b4c5ba315b1c788745341ccd8444bc6d948042e3eae1e7b4b7613b5ac997c72106895a88e95a5787778cf63ee9 (9) &request:State = 0x78fd83c070f79aaab77aabb1eee2fef2 (9) &request:Aruba-Essid-Name = frtest-eduroam (9) &request:Aruba-Location-Id = WMN-01-04 (9) &request:Aruba-AP-Group = MN - Kingston Pike Building (9) &request:Message-Authenticator = 0x3fd43e646d259014bce34acf2f984783 (9) &request:Stripped-User-Name = (9) &request:Realm = (9) EXPAND %{debug_attr:request:} (9) --> (9) if ("%{debug_attr:request:}" == '') -> TRUE (9) if ("%{debug_attr:request:}" == '') { (9) [noop] = noop (9) } # if ("%{debug_attr:request:}" == '') = noop (9) } # policy debug_request = noop (9) policy debug_reply { (9) if ("%{debug_attr:reply:}" == '') { (9) Attributes matching "reply:" (9) &reply:Reply-Message = (9) EXPAND %{debug_attr:reply:} (9) --> (9) if ("%{debug_attr:reply:}" == '') -> TRUE (9) if ("%{debug_attr:reply:}" == '') { (9) [noop] = noop (9) } # if ("%{debug_attr:reply:}" == '') = noop (9) } # policy debug_reply = noop (9) } # policy debug_all = noop (9) eduroam_eap: Peer sent code Response (2) ID 10 length 144 (9) eduroam_eap: Continuing tunnel setup (9) [eduroam_eap] = ok (9) [mschap] = noop (9) [chap] = noop (9) [pap] = noop (9) } # authorize = ok (9) Found Auth-Type = eduroam_eap (9) # Executing group from file /usr/local/etc/raddb/sites-enabled/eduroam (9) Auth-Type eduroam_eap { (9) eduroam_eap: Expiring EAP session with state 0xfc7f4e92fc75541c (9) eduroam_eap: Finished EAP session with state 0x78fd83c070f79aaa (9) eduroam_eap: Previous EAP request found for state 0x78fd83c070f79aaa, released from the list (9) eduroam_eap: Peer sent method PEAP (25) (9) eduroam_eap: EAP PEAP (25) (9) eduroam_eap: Calling eap_peap to process EAP data (9) eap_peap: processing EAP-TLS (9) eap_peap: eaptls_verify returned 7 (9) eap_peap: Done initial handshake (9) eap_peap: eaptls_process returned 7 (9) eap_peap: FR_TLS_OK (9) eap_peap: Session established. Decoding tunneled attributes (9) eap_peap: PEAP state phase2 (9) eap_peap: EAP type MSCHAPv2 (26) (9) eap_peap: Got tunneled request (9) eap_peap: EAP-Message = 0x020a004b1a020a004631ff42d9738db467725540769e46b60bae000000000000000073a69432228e4e93acc1ed1fc9fc4741b29b615ef7efea80006b6269726b656c614075746b2e656475 (9) eap_peap: Setting User-Name to kbirkela@utk.edu (9) eap_peap: Sending tunneled request to eduroam (9) eap_peap: EAP-Message = 0x020a004b1a020a004631ff42d9738db467725540769e46b60bae000000000000000073a69432228e4e93acc1ed1fc9fc4741b29b615ef7efea80006b6269726b656c614075746b2e656475 (9) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1 (9) eap_peap: User-Name = 'kbirkela@utk.edu' (9) eap_peap: State = 0xfc7f4e92fc75541c029a41452a9ec0ee (9) eap_peap: NAS-IP-Address = 10.5.1.52 (9) eap_peap: NAS-Port = 0 (9) eap_peap: NAS-Identifier = 'eduroam' (9) eap_peap: NAS-Port-Type = Wireless-802.11 (9) eap_peap: Calling-Station-Id = '606720b6d928' (9) eap_peap: Called-Station-Id = '001a1e00cc48' (9) eap_peap: Service-Type = Login-User (9) eap_peap: Framed-MTU = 1100 (9) eap_peap: Aruba-Essid-Name = 'frtest-eduroam' (9) eap_peap: Aruba-Location-Id = 'WMN-01-04' (9) eap_peap: Aruba-AP-Group = 'MN - Kingston Pike Building' (9) Virtual server received request (9) EAP-Message = 0x020a004b1a020a004631ff42d9738db467725540769e46b60bae000000000000000073a69432228e4e93acc1ed1fc9fc4741b29b615ef7efea80006b6269726b656c614075746b2e656475 (9) FreeRADIUS-Proxied-To = 127.0.0.1 (9) User-Name = 'kbirkela@utk.edu' (9) State = 0xfc7f4e92fc75541c029a41452a9ec0ee (9) NAS-IP-Address = 10.5.1.52 (9) NAS-Port = 0 (9) NAS-Identifier = 'eduroam' (9) NAS-Port-Type = Wireless-802.11 (9) Calling-Station-Id = '606720b6d928' (9) Called-Station-Id = '001a1e00cc48' (9) Service-Type = Login-User (9) Framed-MTU = 1100 (9) Aruba-Essid-Name = 'frtest-eduroam' (9) Aruba-Location-Id = 'WMN-01-04' (9) Aruba-AP-Group = 'MN - Kingston Pike Building' (9) server eduroam { (9) session-state: No cached attributes (9) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/eduroam (9) authorize { (9) if ( NAS-Identifier != 'eduroam' ) { (9) if ( NAS-Identifier != 'eduroam' ) -> FALSE (9) update control { (9) &Cache-Status-Only = yes (9) } # update control = noop (9) eduroam_inner_cache: EXPAND %{User-Name} (9) eduroam_inner_cache: --> kbirkela@utk.edu rlm_cache (eduroam_inner_cache): Reserved connection (4) (9) eduroam_inner_cache: Retrieved 222 bytes from memcached (9) eduroam_inner_cache: &Cache-Expires = 1428971064 &Cache-Created = 1428956664 &control:Aruba-User-Role := 'eduroam-ns' &Stripped-User-Name = 'kbirkela' &Realm = 'utk.edu' &reply:Reply-Message += 'Cache last updated at Mon Apr 13 16:24:24 2015' (9) eduroam_inner_cache: Found entry for "kbirkela@utk.edu" rlm_cache (eduroam_inner_cache): Released connection (4) (9) [eduroam_inner_cache] = ok (9) if (notfound) { (9) if (notfound) -> FALSE (9) else { (9) update control { (9) &Cache-Read-Only = yes (9) &Cache-Merge = yes (9) } # update control = noop (9) } # else = noop (9) eduroam_inner_cache: EXPAND %{User-Name} (9) eduroam_inner_cache: --> kbirkela@utk.edu rlm_cache (eduroam_inner_cache): Reserved connection (4) (9) eduroam_inner_cache: Retrieved 222 bytes from memcached (9) eduroam_inner_cache: &Cache-Expires = 1428971064 &Cache-Created = 1428956664 &control:Aruba-User-Role := 'eduroam-ns' &Stripped-User-Name = 'kbirkela' &Realm = 'utk.edu' &reply:Reply-Message += 'Cache last updated at Mon Apr 13 16:24:24 2015' (9) eduroam_inner_cache: Found entry for "kbirkela@utk.edu" (9) eduroam_inner_cache: Merging cache entry into request (9) eduroam_inner_cache: &control:Aruba-User-Role = '' (9) eduroam_inner_cache: &request:Stripped-User-Name = '' (9) eduroam_inner_cache: &request:Realm = '' (9) eduroam_inner_cache: &reply:Reply-Message = '' rlm_cache (eduroam_inner_cache): Released connection (4) (9) [eduroam_inner_cache] = ok (9) policy debug_all { (9) policy debug_control { (9) if ("%{debug_attr:control:}" == '') { (9) Attributes matching "control:" (9) &control:Cache-Merge = yes (9) &control:Aruba-User-Role = (9) EXPAND %{debug_attr:control:} (9) --> (9) if ("%{debug_attr:control:}" == '') -> TRUE (9) if ("%{debug_attr:control:}" == '') { (9) [noop] = noop (9) } # if ("%{debug_attr:control:}" == '') = noop (9) } # policy debug_control = noop (9) policy debug_request { (9) if ("%{debug_attr:request:}" == '') { (9) Attributes matching "request:" (9) &request:EAP-Message = 0x020a004b1a020a004631ff42d9738db467725540769e46b60bae000000000000000073a69432228e4e93acc1ed1fc9fc4741b29b615ef7efea80006b6269726b656c614075746b2e656475 (9) &request:FreeRADIUS-Proxied-To = 127.0.0.1 (9) &request:User-Name = kbirkela@utk.edu (9) &request:State = 0xfc7f4e92fc75541c029a41452a9ec0ee (9) &request:NAS-IP-Address = 10.5.1.52 (9) &request:NAS-Port = 0 (9) &request:NAS-Identifier = eduroam (9) &request:NAS-Port-Type = Wireless-802.11 (9) &request:Calling-Station-Id = 606720b6d928 (9) &request:Called-Station-Id = 001a1e00cc48 (9) &request:Service-Type = Login-User (9) &request:Framed-MTU = 1100 (9) &request:Aruba-Essid-Name = frtest-eduroam (9) &request:Aruba-Location-Id = WMN-01-04 (9) &request:Aruba-AP-Group = MN - Kingston Pike Building (9) &request:Stripped-User-Name = (9) &request:Realm = (9) EXPAND %{debug_attr:request:} (9) --> (9) if ("%{debug_attr:request:}" == '') -> TRUE (9) if ("%{debug_attr:request:}" == '') { (9) [noop] = noop (9) } # if ("%{debug_attr:request:}" == '') = noop (9) } # policy debug_request = noop (9) policy debug_reply { (9) if ("%{debug_attr:reply:}" == '') { (9) Attributes matching "reply:" (9) &reply:Reply-Message = (9) EXPAND %{debug_attr:reply:} (9) --> (9) if ("%{debug_attr:reply:}" == '') -> TRUE (9) if ("%{debug_attr:reply:}" == '') { (9) [noop] = noop (9) } # if ("%{debug_attr:reply:}" == '') = noop (9) } # policy debug_reply = noop (9) } # policy debug_all = noop (9) eduroam_eap: Peer sent code Response (2) ID 10 length 75 (9) eduroam_eap: No EAP Start, assuming it's an on-going EAP conversation (9) [eduroam_eap] = updated (9) [mschap] = noop (9) [chap] = noop (9) pap: WARNING: No "known good" password found for the user. Not setting Auth-Type (9) pap: WARNING: Authentication will fail unless a "known good" password is available (9) [pap] = noop (9) } # authorize = updated (9) Found Auth-Type = eduroam_eap (9) # Executing group from file /usr/local/etc/raddb/sites-enabled/eduroam (9) Auth-Type eduroam_eap { (9) eduroam_eap: Expiring EAP session with state 0xfc7f4e92fc75541c (9) eduroam_eap: Finished EAP session with state 0xfc7f4e92fc75541c (9) eduroam_eap: Previous EAP request found for state 0xfc7f4e92fc75541c, released from the list (9) eduroam_eap: Peer sent method MSCHAPv2 (26) (9) eduroam_eap: EAP MSCHAPv2 (26) (9) eduroam_eap: Calling eap_mschapv2 to process EAP data (9) eap_mschapv2: # Executing group from file /usr/local/etc/raddb/sites-enabled/eduroam (9) eap_mschapv2: Auth-Type MS-CHAP { (9) mschap: Creating challenge hash with username: kbirkela@utk.edu (9) mschap: Client is using MS-CHAPv2 (9) mschap: Executing: /usr/bin/ntlm_auth --request-nt-key --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}: (9) mschap: EXPAND --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} (9) mschap: --> --username= (9) mschap: Creating challenge hash with username: kbirkela@utk.edu (9) mschap: EXPAND --challenge=%{%{mschap:Challenge}:-00} (9) mschap: --> --challenge=ae049e3aabbe03ac (9) mschap: EXPAND --nt-response=%{%{mschap:NT-Response}:-00} (9) mschap: --> --nt-response=73a69432228e4e93acc1ed1fc9fc4741b29b615ef7efea80 username must be specified! Usage: [OPTION...] --helper-protocol=helper protocol to use operate as a stdio-based helper --username=STRING username --domain=STRING domain name --workstation=STRING workstation --challenge=STRING challenge (HEX encoded) --lm-response=STRING LM Response to the challenge (HEX encoded) --nt-response=STRING NT or NTLMv2 Response to the challenge (HEX encoded) --password=STRING User's plaintext password --request-lm-key Retrieve LM session key --request-nt-key Retrieve User (NT) session key --use-cached-creds Use cached credentials if no password is given --diagnostics Perform diagnostics on the authentication chain --require-membership-of=STRING Require that a user be a member of this group (either name or SID) for authentication to succeed --pam-winbind-conf=STRING Require that request must set WBFLAG_PAM_CONTACT_TRUSTDOM when krb5 auth is required --target-service=STRING Target service (eg http) --target-hostname=STRING Target hostname Help options: -?, --help Show this help message --usage Display brief usage message Common samba config: --configfile=CONFIGFILE Use alternate configuration file Common samba options: -V, --version Print version (9) mschap: ERROR: Program returned code (1) and output '' (9) mschap: External script failed (9) mschap: ERROR: External script says: (9) mschap: ERROR: MS-CHAP2-Response is incorrect (9) [mschap] = reject (9) } # Auth-Type MS-CHAP = reject (9) eduroam_eap: Freeing handler (9) [eduroam_eap] = reject (9) } # Auth-Type eduroam_eap = reject (9) Failed to authenticate the user (9) Using Post-Auth-Type Reject (9) # Executing group from file /usr/local/etc/raddb/sites-enabled/eduroam (9) Post-Auth-Type REJECT { (9) sql: EXPAND .query (9) sql: --> .query (9) sql: Using query template 'query' rlm_sql (sql): Reserved connection (4) (9) sql: EXPAND %{User-Name} (9) sql: --> kbirkela@utk.edu (9) sql: SQL-User-Name set to 'kbirkela@utk.edu' (9) sql: EXPAND INSERT INTO radpostauth (username, outerusername, reply, calledstationid, callingstationid, arubauserrole, arubauservlan, modulefailuremessage, nasipaddress, arubalocationid, arubaapgroup, arubaessidname, arubadevicetype, authdate) VALUES('%{%{reply:User-Name}:-%{User-Name}}', '%{%{outer.request:User-Name}:-%{request:User-Name}}', '%{reply:Packet-Type}', '%{Called-Station-Id}', '%{Calling-Station-Id}', NULLIF('%{reply:Aruba-User-Role}', ''), NULLIF('%{reply:Aruba-User-Vlan}', '')::int, NULLIF('%{Module-Failure-Message[*]}', ''), NULLIF('%{NAS-IP-Address}', '')::inet, NULLIF('%{Aruba-Location-Id}', ''), NULLIF('%{Aruba-AP-Group}', ''), NULLIF('%{Aruba-Essid-Name}', ''), NULLIF('%{Aruba-Device-Type}', ''), NOW()) (9) sql: --> INSERT INTO radpostauth (username, outerusername, reply, calledstationid, callingstationid, arubauserrole, arubauservlan, modulefailuremessage, nasipaddress, arubalocationid, arubaapgroup, arubaessidname, arubadevicetype, authdate) VALUES('kbirkela@utk.edu', 'asdf@utk.edu', 'Access-Reject', '001a1e00cc48', '606720b6d928', NULLIF('', ''), NULLIF('', '')::int, NULLIF('mschap: Program returned code =281=29 and output =27=27=2Cmschap: External script says: =2Cmschap: MS-CHAP2-Response is incorrect', ''), NULLIF('10.5.1.52', '')::inet, NULLIF('WMN-01-04', ''), NULLIF('MN - Kingston Pike Building', ''), NULLIF('frtest-eduroam', ''), NULLIF('', ''), NOW()) (9) sql: Executing query: INSERT INTO radpostauth (username, outerusername, reply, calledstationid, callingstationid, arubauserrole, arubauservlan, modulefailuremessage, nasipaddress, arubalocationid, arubaapgroup, arubaessidname, arubadevicetype, authdate) VALUES('kbirkela@utk.edu', 'asdf@utk.edu', 'Access-Reject', '001a1e00cc48', '606720b6d928', NULLIF('', ''), NULLIF('', '')::int, NULLIF('mschap: Program returned code =281=29 and output =27=27=2Cmschap: External script says: =2Cmschap: MS-CHAP2-Response is incorrect', ''), NULLIF('10.5.1.52', '')::inet, NULLIF('WMN-01-04', ''), NULLIF('MN - Kingston Pike Building', ''), NULLIF('frtest-eduroam', ''), NULLIF('', ''), NOW()) rlm_sql_postgresql: Status: PGRES_COMMAND_OK rlm_sql_postgresql: query affected rows = 1 (9) sql: SQL query returned: success (9) sql: 1 record(s) updated rlm_sql (sql): Released connection (4) (9) [sql] = ok (9) attr_filter.access_reject: EXPAND %{User-Name} (9) attr_filter.access_reject: --> kbirkela@utk.edu (9) attr_filter.access_reject: Matched entry DEFAULT at line 17 (9) [attr_filter.access_reject] = updated (9) } # Post-Auth-Type REJECT = updated (9) } # server eduroam (9) Virtual server sending reply (9) Reply-Message = '' (9) MS-CHAP-Error = '\nE=691 R=1' (9) EAP-Message = 0x040a0004 (9) Message-Authenticator = 0x00000000000000000000000000000000 (9) eap_peap: Got tunneled reply code 3 (9) eap_peap: Reply-Message = '' (9) eap_peap: MS-CHAP-Error = '\nE=691 R=1' (9) eap_peap: EAP-Message = 0x040a0004 (9) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (9) eap_peap: Got tunneled reply RADIUS code 3 (9) eap_peap: Reply-Message = '' (9) eap_peap: MS-CHAP-Error = '\nE=691 R=1' (9) eap_peap: EAP-Message = 0x040a0004 (9) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (9) eap_peap: Tunneled authentication was rejected (9) eap_peap: FAILURE (9) eduroam_eap: EAP session adding &reply:State = 0x78fd83c071f69aaa (9) [eduroam_eap] = handled (9) } # Auth-Type eduroam_eap = handled (9) Using Post-Auth-Type Challenge (9) # Executing group from file /usr/local/etc/raddb/sites-enabled/eduroam (9) Sent Access-Challenge Id 228 from 160.36.188.35:1812 to 10.5.0.11:36258 length 101 (9) Reply-Message = '' (9) EAP-Message = 0x010b002b190017030100206cd4174c84a9b28218f656896269ff4b7efe0688636b5db3a81ccd5c6d6f0d7b (9) Message-Authenticator = 0x00000000000000000000000000000000 (9) State = 0x78fd83c071f69aaab77aabb1eee2fef2 (9) Finished request Waking up in 0.2 seconds. (10) Received Access-Request Id 227 from 10.5.0.11:36258 to 160.36.188.35:1812 length 301 (10) User-Name = 'asdf@utk.edu' (10) NAS-IP-Address = 10.5.1.52 (10) NAS-Port = 0 (10) NAS-Identifier = 'eduroam' (10) NAS-Port-Type = Wireless-802.11 (10) Calling-Station-Id = '606720b6d928' (10) Called-Station-Id = '001a1e00cc48' (10) Service-Type = Login-User (10) Framed-MTU = 1100 (10) EAP-Message = 0x020b0050190017030100205485b48377beb73bef9e47320c475f1e143d6202dc9e920f4bdcb06696e23d201703010020c7b8213f1ec05417756d4e3ad31b2f589870f418a03a875ada361fcddbbe4c1c (10) State = 0x78fd83c071f69aaab77aabb1eee2fef2 (10) Aruba-Essid-Name = 'frtest-eduroam' (10) Aruba-Location-Id = 'WMN-01-04' (10) Aruba-AP-Group = 'MN - Kingston Pike Building' (10) Message-Authenticator = 0x4dd8154e20bac98b791b734c9ec6aa46 (10) session-state: No cached attributes (10) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/eduroam (10) authorize { (10) if ( NAS-Identifier != 'eduroam' ) { (10) if ( NAS-Identifier != 'eduroam' ) -> FALSE (10) update control { (10) &Cache-Status-Only = yes (10) } # update control = noop (10) eduroam_inner_cache: EXPAND %{User-Name} (10) eduroam_inner_cache: --> asdf@utk.edu rlm_cache (eduroam_inner_cache): Reserved connection (4) (10) eduroam_inner_cache: Retrieved 223 bytes from memcached (10) eduroam_inner_cache: &Cache-Expires = 1428971063 &Cache-Created = 1428956663 &control:Aruba-User-Role := 'eduroam-student' &Stripped-User-Name = 'asdf' &Realm = 'utk.edu' &reply:Reply-Message += 'Cache last updated at Mon Apr 13 16:24:23 2015' (10) eduroam_inner_cache: Found entry for "asdf@utk.edu" rlm_cache (eduroam_inner_cache): Released connection (4) (10) [eduroam_inner_cache] = ok (10) if (notfound) { (10) if (notfound) -> FALSE (10) else { (10) update control { (10) &Cache-Read-Only = yes (10) &Cache-Merge = yes (10) } # update control = noop (10) } # else = noop (10) eduroam_inner_cache: EXPAND %{User-Name} (10) eduroam_inner_cache: --> asdf@utk.edu rlm_cache (eduroam_inner_cache): Reserved connection (4) (10) eduroam_inner_cache: Retrieved 223 bytes from memcached (10) eduroam_inner_cache: &Cache-Expires = 1428971063 &Cache-Created = 1428956663 &control:Aruba-User-Role := 'eduroam-student' &Stripped-User-Name = 'asdf' &Realm = 'utk.edu' &reply:Reply-Message += 'Cache last updated at Mon Apr 13 16:24:23 2015' (10) eduroam_inner_cache: Found entry for "asdf@utk.edu" (10) eduroam_inner_cache: Merging cache entry into request (10) eduroam_inner_cache: &control:Aruba-User-Role = '' (10) eduroam_inner_cache: &request:Stripped-User-Name = '' (10) eduroam_inner_cache: &request:Realm = '' (10) eduroam_inner_cache: &reply:Reply-Message = '' rlm_cache (eduroam_inner_cache): Released connection (4) (10) [eduroam_inner_cache] = ok (10) policy debug_all { (10) policy debug_control { (10) if ("%{debug_attr:control:}" == '') { (10) Attributes matching "control:" (10) &control:Cache-Merge = yes (10) &control:Aruba-User-Role = (10) EXPAND %{debug_attr:control:} (10) --> (10) if ("%{debug_attr:control:}" == '') -> TRUE (10) if ("%{debug_attr:control:}" == '') { (10) [noop] = noop (10) } # if ("%{debug_attr:control:}" == '') = noop (10) } # policy debug_control = noop (10) policy debug_request { (10) if ("%{debug_attr:request:}" == '') { (10) Attributes matching "request:" (10) &request:User-Name = asdf@utk.edu (10) &request:NAS-IP-Address = 10.5.1.52 (10) &request:NAS-Port = 0 (10) &request:NAS-Identifier = eduroam (10) &request:NAS-Port-Type = Wireless-802.11 (10) &request:Calling-Station-Id = 606720b6d928 (10) &request:Called-Station-Id = 001a1e00cc48 (10) &request:Service-Type = Login-User (10) &request:Framed-MTU = 1100 (10) &request:EAP-Message = 0x020b0050190017030100205485b48377beb73bef9e47320c475f1e143d6202dc9e920f4bdcb06696e23d201703010020c7b8213f1ec05417756d4e3ad31b2f589870f418a03a875ada361fcddbbe4c1c (10) &request:State = 0x78fd83c071f69aaab77aabb1eee2fef2 (10) &request:Aruba-Essid-Name = frtest-eduroam (10) &request:Aruba-Location-Id = WMN-01-04 (10) &request:Aruba-AP-Group = MN - Kingston Pike Building (10) &request:Message-Authenticator = 0x4dd8154e20bac98b791b734c9ec6aa46 (10) &request:Stripped-User-Name = (10) &request:Realm = (10) EXPAND %{debug_attr:request:} (10) --> (10) if ("%{debug_attr:request:}" == '') -> TRUE (10) if ("%{debug_attr:request:}" == '') { (10) [noop] = noop (10) } # if ("%{debug_attr:request:}" == '') = noop (10) } # policy debug_request = noop (10) policy debug_reply { (10) if ("%{debug_attr:reply:}" == '') { (10) Attributes matching "reply:" (10) &reply:Reply-Message = (10) EXPAND %{debug_attr:reply:} (10) --> (10) if ("%{debug_attr:reply:}" == '') -> TRUE (10) if ("%{debug_attr:reply:}" == '') { (10) [noop] = noop (10) } # if ("%{debug_attr:reply:}" == '') = noop (10) } # policy debug_reply = noop (10) } # policy debug_all = noop (10) eduroam_eap: Peer sent code Response (2) ID 11 length 80 (10) eduroam_eap: Continuing tunnel setup (10) [eduroam_eap] = ok (10) [mschap] = noop (10) [chap] = noop (10) [pap] = noop (10) } # authorize = ok (10) Found Auth-Type = eduroam_eap (10) # Executing group from file /usr/local/etc/raddb/sites-enabled/eduroam (10) Auth-Type eduroam_eap { (10) eduroam_eap: Expiring EAP session with state 0x78fd83c071f69aaa (10) eduroam_eap: Finished EAP session with state 0x78fd83c071f69aaa (10) eduroam_eap: Previous EAP request found for state 0x78fd83c071f69aaa, released from the list (10) eduroam_eap: Peer sent method PEAP (25) (10) eduroam_eap: EAP PEAP (25) (10) eduroam_eap: Calling eap_peap to process EAP data (10) eap_peap: processing EAP-TLS (10) eap_peap: eaptls_verify returned 7 (10) eap_peap: Done initial handshake (10) eap_peap: eaptls_process returned 7 (10) eap_peap: FR_TLS_OK (10) eap_peap: Session established. Decoding tunneled attributes (10) eap_peap: PEAP state send tlv failure (10) eap_peap: Received EAP-TLV response (10) eap_peap: The users session was previously rejected: returning reject (again.) (10) eap_peap: This means you need to read the PREVIOUS messages in the debug output (10) eap_peap: to find out the reason why the user was rejected (10) eap_peap: Look for "reject" or "fail". Those earlier messages will tell you (10) eap_peap: what went wrong, and how to fix the problem SSL: Removing session 659a93f60c9895b2494d0a6f17c7a19f3e2df68c1cf134d2b748d33d4dc25b29 from the cache (10) eduroam_eap: ERROR: Failed continuing EAP PEAP (25) session. EAP sub-module failed (10) eduroam_eap: Failed in EAP select (10) [eduroam_eap] = invalid (10) } # Auth-Type eduroam_eap = invalid (10) Failed to authenticate the user (10) Using Post-Auth-Type Reject (10) # Executing group from file /usr/local/etc/raddb/sites-enabled/eduroam (10) Post-Auth-Type REJECT { (10) sql: EXPAND .query (10) sql: --> .query (10) sql: Using query template 'query' rlm_sql (sql): Reserved connection (4) (10) sql: EXPAND %{User-Name} (10) sql: --> asdf@utk.edu (10) sql: SQL-User-Name set to 'asdf@utk.edu' (10) sql: EXPAND INSERT INTO radpostauth (username, outerusername, reply, calledstationid, callingstationid, arubauserrole, arubauservlan, modulefailuremessage, nasipaddress, arubalocationid, arubaapgroup, arubaessidname, arubadevicetype, authdate) VALUES('%{%{reply:User-Name}:-%{User-Name}}', '%{%{outer.request:User-Name}:-%{request:User-Name}}', '%{reply:Packet-Type}', '%{Called-Station-Id}', '%{Calling-Station-Id}', NULLIF('%{reply:Aruba-User-Role}', ''), NULLIF('%{reply:Aruba-User-Vlan}', '')::int, NULLIF('%{Module-Failure-Message[*]}', ''), NULLIF('%{NAS-IP-Address}', '')::inet, NULLIF('%{Aruba-Location-Id}', ''), NULLIF('%{Aruba-AP-Group}', ''), NULLIF('%{Aruba-Essid-Name}', ''), NULLIF('%{Aruba-Device-Type}', ''), NOW()) (10) sql: --> INSERT INTO radpostauth (username, outerusername, reply, calledstationid, callingstationid, arubauserrole, arubauservlan, modulefailuremessage, nasipaddress, arubalocationid, arubaapgroup, arubaessidname, arubadevicetype, authdate) VALUES('asdf@utk.edu', 'asdf@utk.edu', 'Access-Reject', '001a1e00cc48', '606720b6d928', NULLIF('', ''), NULLIF('', '')::int, NULLIF('eduroam_eap: Failed continuing EAP PEAP =2825=29 session. EAP sub-module failed', ''), NULLIF('10.5.1.52', '')::inet, NULLIF('WMN-01-04', ''), NULLIF('MN - Kingston Pike Building', ''), NULLIF('frtest-eduroam', ''), NULLIF('', ''), NOW()) (10) sql: Executing query: INSERT INTO radpostauth (username, outerusername, reply, calledstationid, callingstationid, arubauserrole, arubauservlan, modulefailuremessage, nasipaddress, arubalocationid, arubaapgroup, arubaessidname, arubadevicetype, authdate) VALUES('asdf@utk.edu', 'asdf@utk.edu', 'Access-Reject', '001a1e00cc48', '606720b6d928', NULLIF('', ''), NULLIF('', '')::int, NULLIF('eduroam_eap: Failed continuing EAP PEAP =2825=29 session. EAP sub-module failed', ''), NULLIF('10.5.1.52', '')::inet, NULLIF('WMN-01-04', ''), NULLIF('MN - Kingston Pike Building', ''), NULLIF('frtest-eduroam', ''), NULLIF('', ''), NOW()) rlm_sql_postgresql: Status: PGRES_COMMAND_OK rlm_sql_postgresql: query affected rows = 1 (10) sql: SQL query returned: success (10) sql: 1 record(s) updated rlm_sql (sql): Released connection (4) (10) [sql] = ok (10) attr_filter.access_reject: EXPAND %{User-Name} (10) attr_filter.access_reject: --> asdf@utk.edu (10) attr_filter.access_reject: Matched entry DEFAULT at line 17 (10) [attr_filter.access_reject] = updated (10) } # Post-Auth-Type REJECT = updated (10) Delaying response for 1.000000 seconds Waking up in 0.2 seconds. Waking up in 0.6 seconds. (10) Sending delayed response (10) Sent Access-Reject Id 227 from 160.36.188.35:1812 to 10.5.0.11:36258 length 44 (10) Reply-Message = '' (10) EAP-Message = 0x040b0004 (10) Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 3.9 seconds. (0) : Cleaning up request packet ID 219 with timestamp +14 (1) : Cleaning up request packet ID 217 with timestamp +14 (2) : Cleaning up request packet ID 221 with timestamp +15 (3) : Cleaning up request packet ID 218 with timestamp +15 (4) : Cleaning up request packet ID 222 with timestamp +15 (5) : Cleaning up request packet ID 220 with timestamp +15 (6) : Cleaning up request packet ID 223 with timestamp +15 (7) : Cleaning up request packet ID 225 with timestamp +15 (8) : Cleaning up request packet ID 224 with timestamp +15 (9) : Cleaning up request packet ID 228 with timestamp +15 (10) Cleaning up request packet ID 227 with timestamp +15 Ready to process requests